RE: Database Encryption and PCI issue.

[<m.farid.shawara () gmail com>]

We are not the Database or Application Developers - the Software House is ..
And they are not intending to change their way - at least in the near
future.

Having the PIN in the database is not in our hands - and we can't stop
having it - so I need a solution comply with my system ...

-----Original Message-----
From: Тарас Иващенко (Taras Ivashchenko) [mailto:naplanetu () gmail com] 
Sent: Tuesday, February 12, 2008 11:22 PM
To: Mohamed Farid
Cc: security-basics () securityfocus com
Subject: Re: Database Encryption and PCI issue.

Hello, Mohamed Farid!

What is problem to use hash value (e.g. SHA1 ) of PIN as PK?

> Dear All :
> We are in our way to have a PCI DSS complaint - and we are facing a
> challenge to have encryption with our Database Systems.
>
> The problem is that the Application we are using is using the PIN as a
> primary key in the DB tables - and this will make it very hard to
> encrypt the PIN columns ...
>
> Anyway - we are using Oracle 9i and the server is connected to HP SAN.
> Can anyone advise us: what are the systems we can go after to solve
> this?
> Is there any technique or 3rd party applications can help us to overcome
> this?
>
> M Farid

-- 
Тарас Иващенко (Taras Ivashchenko)
----
"Software is like sex: it's better when it's free." - Linus Torvalds