
RE: using userPassword attribute



> >	Do you have any idea on "storing encrypted creditcard numbers in
> >LDAP and retrieving them" ???
> 
> Most crypto worth anything is one-way, like a password hash.  So there is 
> no 'getting them back'.  I'd recommend storing things like cc numbers in 
> the clear and defining an ACL that only allows clients using some level of 
> encryption to retrieve the values (see the ssf directive).

Never store CC numbers in the clear.. At least use something 
like pgp to keep out the curious. I suggest a multi level 
approach. Store the last 4 digits of a credit card as 
text in ldap so a person using a web site can identify the 
credit card they saved in your system. The real credit card 
number should be pgp encrypted with at least 2048 bit key
and then stored in ldap. You would store the private 
key safely on a separate highly hardened and protected system which 
has the capability of processing the credit card transactions. 

Thanks.. Mike
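The split Mike describes, as an added example that is not code from the thread: the directory record keeps only the last four digits in the clear plus a ciphertext made with a public key, and only the separate transaction host holding the private key can recover the number. It uses RSA-OAEP from Go's standard library as a stand-in for PGP; the 2048-bit key size and the card number 4111111111111111 are constructed test values.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// StoredCard is what the directory holds: the last four digits in the clear
// (so a user can recognise the card) and a ciphertext the web tier cannot open.
type StoredCard struct {
	Last4      string
	Ciphertext string // base64 so it fits a text-valued LDAP attribute
}

// StoreCard runs on the web-facing side and needs only the public key.
func StoreCard(pub *rsa.PublicKey, pan string) (StoredCard, error) {
	if len(pan) < 4 {
		return StoredCard{}, fmt.Errorf("card number too short")
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pan), []byte("pan"))
	if err != nil {
		return StoredCard{}, err
	}
	return StoredCard{Last4: pan[len(pan)-4:], Ciphertext: base64.StdEncoding.EncodeToString(ct)}, nil
}

// RecoverCard runs only on the hardened transaction host that holds the private key.
func RecoverCard(priv *rsa.PrivateKey, c StoredCard) (string, error) {
	ct, err := base64.StdEncoding.DecodeString(c.Ciphertext)
	if err != nil {
		return "", err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), nil, priv, ct, []byte("pan"))
	if err != nil {
		return "", err
	}
	return string(pt), nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // private half stays off the LDAP host
	rec, _ := StoreCard(&priv.PublicKey, "4111111111111111") // constructed test number
	fmt.Printf("stored: last4=%s ciphertext=%s...\n", rec.Last4, rec.Ciphertext[:16])
	pan, _ := RecoverCard(priv, rec)
	fmt.Println("recovered on transaction host:", pan)
}
```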