what is the best way to store passwords and credit card information in SQL Server 2005?
This question was answered previously in another newsgroup a while back, but here goes a short version: 1) Store a one-way hash of passwords, do not store the plain text or even bother encrypting the plain text. Just hash it, and generate a hash to compare user input at login time. 2) Use the built-in encryption functionality to encrypt CC information. But make sure that you actually need to store it (don't store an CC information that's not required), and also make sure that you are *allowed* to store CC information per your agreement with your CC processor or CC company. Most CC service contracts now also include levels of detail including the specific encryption algorithms which must be used, and which data can be stored on your systems. You need to stay within your contractual obligations or you could open your organization up to liability or loss of service if something were to happen. "dr" wrote in message news:%23Ob6tlgEIHA.4752@TK2MSFTNGP04.phx.gbl... > what is the best way to store passwords and credit card information in SQL > Server 2005? >
