Security Basics mailing list archives
RE: Database Encryption and PCI issue.
From: <m.farid.shawara () gmail com>
Date: Wed, 13 Feb 2008 09:52:43 +0200
We are not the Database or Application Developers - the Software House is .. And they are not intending to change their way - at least in the near future. Having the PIN in the database is not in our hands - and we can't stop having it - so I need a solution comply with my system ... -----Original Message----- From: Тарас Иващенко (Taras Ivashchenko) [mailto:naplanetu () gmail com] Sent: Tuesday, February 12, 2008 11:22 PM To: Mohamed Farid Cc: security-basics () securityfocus com Subject: Re: Database Encryption and PCI issue. Hello, Mohamed Farid! What is problem to use hash value (e.g. SHA1 ) of PIN as PK?
Dear All : We are in our way to have a PCI DSS complaint - and we are facing a challenge to have encryption with our Database Systems. The problem is that the Application we are using is using the PIN as a primary key in the DB tables - and this will make it very hard to encrypt the PIN columns ... Anyway - we are using Oracle 9i and the server is connected to HP SAN. Can anyone advise us: what are the systems we can go after to solve this? Is there any technique or 3rd party applications can help us to overcome this? M Farid
-- Тарас Иващенко (Taras Ivashchenko) ---- "Software is like sex: it's better when it's free." - Linus Torvalds
Current thread:
- Database Encryption and PCI issue. m.farid.shawara (Feb 12)
- Re: Database Encryption and PCI issue. Ansgar -59cobalt- Wiechers (Feb 12)
- <Possible follow-ups>
- Database Encryption and PCI issue. Mohamed Farid (Feb 12)
- Re: Database Encryption and PCI issue. Taras Ivashchenko (Feb 12)
- RE: Database Encryption and PCI issue. m.farid.shawara (Feb 13)
- RE: Database Encryption and PCI issue. Craig Wright (Feb 13)
- RE: Database Encryption and PCI issue. Craig Wright (Feb 12)
- Re: Database Encryption and PCI issue. Taras Ivashchenko (Feb 12)
- Re: Database Encryption and PCI issue. amatachick (Feb 13)