Can someone suggest a CF solution to encrypt sensitive data
to a database? I need to encrypt passwords and credit card data. I'm
not sure that any CF tags such as Hash(), Encrypt(), etc. would work
well considering they require a key that isn't hidden or encrypted.
Ideas? Recommendations? Thanks!

You have to install Sun's unlimited length encryption policy,
but you can do AES 256 using ColdFusion, which is recommended
for PCI compliance. You can cfencode the file that contains the key
to keep it out of clear text.
Read up on PCI though (
encryption is only the tip of the iceberg and securing keys in a
scripted environment is VERY difficult and virtually impossible in
a shared environment. You should reevaluate the need to store
credit card data at all. There are options available that give you
all the same control without the need for your application to store
the information. Google "secure credit card tokenization" and you
should see some options. Good luck.
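
The AES 256 approach mentioned in the reply, as an added example that is not part of the original posts: it encrypts one field with a fresh IV per value and reads the key from outside the code. The environment variable name `APP_DATA_KEY`, the function names, and the `iv:ciphertext` storage layout are assumptions made for illustration.

```cfml
<cfscript>
// Added example, not code from the thread.
// Assumption: the key is the Base64 string produced once by
// generateSecretKey("AES", 256) and supplied through a hypothetical
// environment variable APP_DATA_KEY, so it never sits in the source,
// the webroot, or the database next to the data it protects.
function loadKey() {
    var key = createObject("java", "java.lang.System").getenv("APP_DATA_KEY");
    if (isNull(key) || len(binaryDecode(key, "base64")) != 32) {
        throw(type="Crypto.Config",
              message="APP_DATA_KEY must be a Base64-encoded 256-bit key");
    }
    return key;
}

function encryptField(required string plaintext, required string key) {
    // Fresh random 16-byte IV for every value, so equal plaintexts
    // do not produce equal ciphertexts. generateSecretKey() is used
    // here only as a source of 16 random bytes.
    var iv = binaryDecode(generateSecretKey("AES", 128), "base64");
    var ct = encrypt(plaintext, key, "AES/CBC/PKCS5Padding", "base64", iv);
    // The IV is not secret; store it alongside the ciphertext.
    return binaryEncode(iv, "base64") & ":" & ct;
}

function decryptField(required string stored, required string key) {
    if (listLen(stored, ":") != 2) {
        throw(type="Crypto.Format", message="Expected iv:ciphertext");
    }
    var iv = binaryDecode(listFirst(stored, ":"), "base64");
    return decrypt(listLast(stored, ":"), key, "AES/CBC/PKCS5Padding", "base64", iv);
}

// Round trip with a constructed sample value (a test card number).
key    = loadKey();
stored = encryptField("4111111111111111", key);
writeOutput(decryptField(stored, key) == "4111111111111111" ? "round trip ok" : "mismatch");
</cfscript>
```

On JVMs that ship with the limited-strength policy, the 256-bit key is rejected until the unlimited policy files mentioned in the reply are installed.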