|
WebApp Sec
mailing list archives
Re: storing SSNs, CCNs, password in the DB
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Mon, 28 Feb 2005 01:07:33 -0800 (PST)
hi ya
What is the most secure way to store SSNs, CCNs, and passwords in the
DB?
the place where senstive info is stored should be using an encrypted fs
where data is encrypted/decrypted on the fly per inquiry
change keys often and that it only works from certain machines
and certain accts
Is this a good general policy?
assume that the cracker is watching everything, including your keystrokes
and protect your data accordingly ... and audit your hardware too
c ya
alvin
 By Date 
By Thread
Current thread:
- Re: storing SSNs, CCNs, password in the DB, (continued)
- Re: storing SSNs, CCNs, password in the DB Adam Shostack (Feb 28)
- Re: storing SSNs, CCNs, password in the DB Francesco (Feb 28)
- Re: storing SSNs, CCNs, password in the DB Andrew van der Stock (Mar 01)
- Re: storing SSNs, CCNs, password in the DB Paul Johnston (Mar 01)
- Re: storing SSNs, CCNs, password in the DB Joseph Miller (Mar 01)
- Re: storing SSNs, CCNs, password in the DB Alvin Oga (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Feb 28)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeremiah Grossman (Mar 01)
- Re: Solutions, Results, and Comments - Was [ISA Server and SQL Injection] Jeff Williams (Mar 01)
|
Intro
