Encryption And Storing Credit Cards
Mar 24, 2007
We need to store credit cards for a limited amount of time because we charge for orders as they ship and occasionally the authorization expires before the item can ship.
I know I can use AES_256 to encrypt our credit cards but I am not sure if all I need to do is follow the directions in the "How-to" for encrypting data.
I created the master key, backed it up off the server the certificate and the symmetric key and I can encrypt and decrypt data.
Is this all I need to do or am I missing something?
View 4 Replies
ADVERTISEMENT
Oct 17, 2005
Hi ,
we have CreditCardRange table
create table CreditCardRange(
ccr_CudtomerID int,
ccr_CardRangeFrom char(16),
ccr_CardRangeTo char(16)
)
table Orders
ord_id int
ord_CudtomerID int,
ord_CardNo char(16)
Example values in table CreditCardRange
1 , 5000 0000 2000 1234 , 5000 0030 3000 1356
Example values in table Orders
1, 1, 5000 0010 2000 2333
Does sql provide any magic finction to help in following select
select T1.*
from Orders T1
join CreditCardRange T2
on T2.ccr_CudtomerID = t1.ord_CudtomerID
and
SQLMagicFunction(T1.ord_CardNo)
between
SQLMagicFunction(T2.ccr_CardRangeFrom )
and
SQLMagicFunction(T2.ccr_CardRangeTo )
View 2 Replies
View Related
Sep 11, 2007
Dear All,
I need to keep credit cardd details in a an SQL server table.
What's the best way to make sure data is secure? Is there any built in encryption that can be used so data is not stored as text?
Thanks
View 3 Replies
View Related
Aug 11, 2000
Is there any tool available that can encrypt Credit card numbers or other fields stored in the database? For example, when a customer enters his credit card number or his password on the site, is there a way by which the Front end can encrpt the field before storing it in the database and decrypt it when it the customer requests it, through the application?
Thank you in advance
Praveena
View 12 Replies
View Related
Aug 23, 2007
Hello Everyone
As part of UK compliance, we are going to start use an encrytption package (GNUPG), which will be running on a different Server to Reporting Services. A program has been written in C#, to handle requests (from mainframe and PC applications) to encrypt/decrypt credit card details. The encrypted card details are held in an NCR Teradata data warehouse, which Reporting Services can access. The encryption can be called using a http://server/folder/program?DATA=
In Reporting Services, a Data Source connection will be made, using an OLE DB .NET connection to the Teradata machine. SQL code will be included, which will link tables and retrieving the required fields for use in the report. I want to call the encryption program to decrypt the card number, so the actual card number can be printed in the body of the report.
There will probably be a requirement to write some parameter selection SQL as well, so a card nmuber can be entered as a report parameter field, which the SQL will have to either encrypt first, then process the SQL statement down the tables.
Has anybody use this technique before?
Thanks
Graham N.
View 2 Replies
View Related
Nov 28, 2005
Hi All
I am new to SQL Server, DTS etc... But here is the question I have:
I have some files in a folder which have a the yr, month, date appended at the end, for e.g. testfile2005_11_28.log
In a folder I have to look for the log files which are named
testfileYYYY_MM_DD.log.
Dim item
For Each item In logFolder.Files
If (UCASE(item.Name) like ("TESTFILE" +"[0-9][0-9][0-9][0-
9]"+"_"+"[0-12][0-12]"+"_"+"[0-3][0-9]" + ".log") )Then
msgbox item.Name
End For
I am getting compilation error: "Sub or Function not found" in the If
statement. Can anyone please help me?
Thanks,
D
View 1 Replies
View Related
Mar 4, 2008
Hi all I am rather confused on about using the SQL LIKE statement along with square brackets. If I type the following SQL command in SQL Server 2005:
Code Snippet
SELECT * FROM Table1 WHERE Field1 LIKE '%[ggg]%'
All rows from my Table are selected. ^^
If I used this command:
Code Snippet
SELECT * FROM Table1 WHERE Field1 LIKE '%ggg%'
No rows are returned. ^^
PLEASE NOTE THE USE OF SQUARE BRACKETS IN SQL LIKE STATEMENT.
Thanks for responses, Onam.
View 4 Replies
View Related
Dec 11, 2006
Hi,
I am using Visual Studio 2005. I am trying to create a ASP.net website and use a web form to get the results of an enquiry. It is almost the same as the presentation video on this website called "How to Create Data Driven Website", but I have added a new twist to it. I want to use the "LIKE" instead of "=" in my SQL statement and I want to use wild cards in the parameter value that I enter.
<form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<% dim str as string = "%" & textbox1.text & "%" </%> <asp:TextBox ID="TextBox2" runat="server" Visible="False" Text=str></asp:TextBox> <asp:Button ID="Button1" runat="server" Text="Submit" Width="87px" BackColor="Khaki" ForeColor="Navy" PostBackUrl="~/Default.aspx" />
and the ControlID of the Datagrid will take in the value of "TextBox2" instead of "TextBox1" as so:
<SelectParameters> <asp:ControlParameter ControlID="TextBox2" DefaultValue="SO06000001" Name="SO" PropertyName="Text" Type="String" />
However the syntax above does not work. May I ask what is the correct syntax?
Thanks.
Peter
View 2 Replies
View Related
Jul 13, 2004
Does anyone have any strings or links I can use to help with creating a mod-10 stored proc?
I am really stuck on step 1, which is flipping the numbers (ex 1234 -> 4321)..
Any information pretaining to MOD-10 and MSSQL would be MUCH appriciated..
View 2 Replies
View Related
Oct 7, 2015
I have created two user defined functions for encryption and decryption using passphrase mechanism. When I call encryption function, each time I am getting the different values for the same input. While I searching a particular value, it takes long time to retrieve due to calling decryption function for each row.
best way to encrypt and decrypt using user defined functions.Below is the query which is taking long time.
SELECT ID FROM table WITH (NOLOCK)
WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symetric or asymetric encryption, I am not able to put "OPEN SYMETRIC KEY" code in a function. So, I am using PassPhrase mechanism.
View 3 Replies
View Related
Dec 17, 2007
Hi friends,
I am new to SQL developement ( am .Net developer). I need to implement a stored proc in sql 2005 on CC expiration task.
I have CC exiration date.
By using expiration date (like '01/08'),
Conditions are:
1. If CC expiring within 31 days. Stored proc will write the Customer data in EmailNotification table with message type =1. (Customer will not get second notification until 14 days before expiring)
2. If CC expiring within 14 days. Stored proc will write the customer data in EmailNotification table with message type =2. (Customer will not get second notification until 11 days before expiring)
3. If CC expiring within 11 days. Stored proc will write the customer data in EmailNotification table with message type =3. (Customer will not get second notification until 2 days before expiring)
4. If CC expiring within 2 days. Stored proc will write the customer data in EmailNotification table with message type and update orderStatusID to On Hold CC Expired in order table.
My Tables are
1.
TABLE [dbo].[Order](
[OrderID] [int] IDENTITY(1,1) NOT NULL,
[CustomerID] [int] NOT NULL,
[CustomerCode] [nvarchar](12) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[DateCreated] [datetime] NOT NULL,
[DateOrdered] [datetime] NOT NULL,
[OrderTypeID] [int] NULL,
[OrderStatusID] [int] NULL,
[LastProcessDate] [datetime] NULL,
2. CREATE TABLE [dbo].[Payment](
[PaymentID] [int] IDENTITY(1,1) NOT NULL,
[OrderID] [int] NOT NULL,
[OrderPaymentType] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[PaymentType] [nvarchar](2) COLLATE SQL_Latin1_General_CP1_CI_AS NULL,
[CreditCardNumber] [varbinary](max) NULL,
[Last4DigitsOfCreditCardNumber] [nvarchar](4) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[ExpirationDate] [varbinary](max) NULL,
[CVV2] [varbinary](max) NULL,
[Amount] [numeric](18, 2) NOT NULL
3. CREATE TABLE [dbo].[Customer](
[CustomerID] [int] IDENTITY(1,1) NOT NULL,
[CustomerCode] AS ([dbo].[udf_FormatCode]('RS',[CustomerID])),
[Email] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[FirstName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[MiddleName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[LastName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL,
[DateCreated] [datetime] NOT NULL,
[DateModified] [datetime] NOT NULL,
[MembershipTypeID] [int] NULL
Please atleast basic structure of stored proc code. It will greatful to me.
Thanks in advance
srikanth
View 3 Replies
View Related
Mar 20, 2007
I have successfully finish Oracle OCA Exam. Currently I am Microsoft Certified Database administrator(MCDBA) I would like to know there is any way I could use OCA Credit to any Microsoft Exam. If any advice will be helpful.
Thanks
Faiz Farazi
www.databasetimes.net
Best learning center for Microsoft
http://www.lascomp.com
View 3 Replies
View Related
Feb 6, 2008
Hi friends,
i got an issue on my website regarding theft of cc details...sql db contains credit card details table ... it has been hacked by someone...we have analysed that latest cards are misused.. i have tried different scenarios(sql injection) ... what are all the key things have to check and implement .can any one advise please..
thanx in advance,
raj
View 1 Replies
View Related
Dec 29, 2006
Hello there,I just want to ask if storing data in dbase is much better than storing it in the file system? Because for one, i am currenlty developing my thesis which uploads a blob.doc file to a web server (currently i'm using the localhost of ASP.NET) then retrieves it from the local hostAlso i want to know if im right at this, the localhost of ASP.NET is the same as the one of a natural web server on the net? Because i'm just thinking of uploading and downloading the files from a web server. Although our thesis defense didn't require us to really upload it on the net, we were advised to use a localhost on our PC's. I'll be just using my local server Is it ok to just use a web server for storing files than a database?
View 6 Replies
View Related
Nov 19, 2015
I have typed a query by combining multiple tables to show sum of TotalReceivedAmount by MRN. It also have payment mode which is paid by cash or credit card. Now the query shows the sum for MRN combining all the payment done by credit card and cash. How am I supposed to show the amount paid by credit card and cash separately?
Here is the query :
SELECT Distinct dbo.CA_Payment.MRN, dbo.CA_Patient.FirstName, dbo.CA_PaymentModeMaster.Description AS PaymentMode,
CASE (dbo.CA_Payment.PaymentModeID) WHEN 2 THEN dbo.CA_Payment.CardNumber END AS CreditCardNumber, CASE (CA_Registration.PatientTypeID)
WHEN 1 THEN dbo.CA_PatientTypeMaster.Description WHEN 2 THEN dbo.CA_DebtorMaster.DebtorName END AS Debtor,
[Code ....
View 6 Replies
View Related
Apr 20, 2015
I have this data:
clientcreditCardamount
1A10
1A20
1B40
1C5
1C10
1C20
I need to write a query (Oracle) that will return the clientID and the creditCard type with the highest spending :
In this case:
clientcreditCard
1B
View 4 Replies
View Related
Jul 20, 2005
Hi,A co-worker is creating a vb.net web application which uses theCryptKeeper.dll to encrypt credit card numbers into a sql database.It is my job to pull these encrypted numbers and use the decryptmethod of this dll to show the credit card numbers on a ReportingServices report. I'm not even sure where this should be done. In thesql stored procedure or in the report itself? Any help would begreatly appreciated.Thanks in advance,Amy Bolden
View 1 Replies
View Related
Aug 4, 2000
I was wondering if anyone out there knows if it is possible to encrypt a particular field in a table, or encrypt a whole table. The info would remain on my database and not be sent out anywhere, but I just want an extra level of security against anyone who might try to break into the database.
View 2 Replies
View Related
Feb 23, 2000
Is there a function that can encryp the data in a table(or certain column)?
So if the table or column was query the person would see something like " !#)&%^#@ ". suggestion are welcome.
Kevin
View 1 Replies
View Related
Jun 19, 2002
Hello,
Is there a way to encrypt the data ( I mean actual data stored
in a table)in a SQLServer.
I know how to encrypt procedures, views, Net-libraries ......
Please help!!!!
Thanks.
View 1 Replies
View Related
Aug 23, 2002
How to get the encryption of certain characters, such as '12345' or 'hello'. Is any function to take regular characters and return the encryption form of those characters?
Please help.
View 1 Replies
View Related
Nov 6, 2005
My client requested that the password field of a login table be encrypted using H5 Encryption. I've been searching throughout the net and MSDN for the function or procedure and can't find it. Does anybody know how?
View 1 Replies
View Related
Apr 23, 2008
I developed a small VB6 application VB6 that get data from SAP sql database
Now they want that the users logon to this small app using the same username & password that they used in SAP
I can read the users' table, I can get the username
But the password is encrypted
Probably with a Function
Anybody know how can I encrypt the typed password so I can compare with the saved password
I don't want to view or modify them, just compare with the password typed by the user
Thanks
JG
View 1 Replies
View Related
Jul 7, 2005
Hello,
I am needing to migrate an Access database to Sql Server
Express. This database will be distributed as part of a
VB 6 application. This database will have some of the
columns encrypted. My understanding is that SQL Server
Express supports encryption. We will need to be able to
run queries on encrypted data like this, with
LastName being an encrypted column in the database.
Select LastName from Account where LastName = 'Smith'
Select LastName from Account where LastName Like 'Sm%'
Update Account Set where LastName = sLastName
Can this be done using SQL Server 2005 Express and VB 6?
Thanks!
View 1 Replies
View Related
Apr 4, 2007
hi all,
ive download some application, but they encrypt their Stored Proc and some Views..
1.how to encrypt SP?
2.is it possible to decrypt whateva that encrypted?
~~~Focus on problem, not solution~~~
View 19 Replies
View Related
Oct 3, 2007
Hai
I am new to SQL server and working on Encryption.I just want to know whether it is better to encrpt a data in database or in the code itself.I want to encrypt a number and not a text.which one would u suggest RC4 algorithm or pwdencrypt..any one plz reply soon..
View 13 Replies
View Related
Oct 3, 2007
Hi. Im new to SQLserver. I need to encrypt a column of datatype decimal. Which is better RC4 Algorithm or PWDencrypt() and PWDcompare().
Sundaresan.R
View 5 Replies
View Related
Feb 28, 2008
how i can open encrypted stored procedure
View 3 Replies
View Related
Apr 12, 2007
Hi,
i was wondering if the whole table can be encrypted using MS SQL Server 2005. This at present can be done using third party softwares.
Performance won't be an issue.
Thanks and regards,
Chandrachurh
View 6 Replies
View Related
Jan 11, 2008
I am using server 2005 running on a windows server 2003 platform. I am trying to do field encryption using symmetric key implemented by the AES algorithm. I created an AES key and apparently it encrypts the data with no problem, however when I try to retrieve the data after decryption the field is always null. I tried using the same process while using the DES or RC2 algorithm and I could both encrypt and decrypt information, however it does not decrypt for any of the AES algorithm i.e. AES_128, AES_192 and AES_256. Attached is a simple query I used to test it.
create symmetric key CCardKeys
with algorithm = aes_192
encryption by password = 'P@s$w0rD'
open symmetric key CCardKeys
decryption by password = 'P@s$w0rD'
declare @Id varchar(50)
set @Id = encryptbykey(key_guid('CCardKeys'),'Test')
select convert(varchar(50),decryptbykey(@Id))
close symmetric key CCardKeys
Is there something I'm missing with AES.
Thanks for taking the time to help me.
View 3 Replies
View Related
Apr 19, 2007
Here is my goal please let me know if it is possible.
I have installed sql express on clients machines. I don't want them to be able to view the sp's or the functions. I would like to go as far as not allowing them to see the tables. I tried with encrption but this is still breakable by the user using the DAC.
Thanks
View 15 Replies
View Related
Mar 5, 2007
I have a user table with Fields:
UID, name, SSN, phone,address. I need to encrypt all the fields except UID. My company recently moved to sql server 2005 and I have to encrypt old data. We do perform query search based on username and SSN
I have very shallow knowledge of encryption and indexes. I did looked at one of the articles on encrypting data on existing application but could not understand the indexing part(:()
Do i have to define new fields with varbinary as datatype(for ssn, name,phone number) ? I am asking this because in the demo only ssn_index has varbinary and the ssn field is still nvarchar?
Any help will be appreciated.
Thanks,
K
View 11 Replies
View Related
Sep 4, 2006
I have tried to encrypt by certificate and by symmetric key. In all cases the decryption comes back as null. Any ideas why?
I have used the code from a learnin tree course and the encryption works OK. I have also added a grant to the certificate to the login
View 1 Replies
View Related
