DotNetInvoice Forums

DotNetInvoice Invoicing Script Discussion Forum

Security Questions

Last post 12-15-2007, 7:28 AM by support. 1 replies.
  •  12-13-2007, 12:55 AM 221

    Security Questions

    Your product looks like just what I need, but I had some questions regarding the security:

    Are you storing the full credit card information for each customer in the database? If so, is it encrypted?

     What steps have you taken to make sure that the application is as secure as possible?

     

     My primary concern is that if someone hacks into my database server, they will have access to all my clients' credit cards, thus putting me in a world of hurt...

     

    Thanks!
     

  •  12-15-2007, 7:28 AM 222 in reply to 221

    Re: Security Questions

    Hi Mike,

    In order to run recurring charges we store the client's full encrypted credit card number. The number is encrypted using the .NET Framework's built-in encryption classes, and uses the TripleDES algorithm. Here's a snippet on this algorithm from Wikipedia:

    "As of 2005, the best attack known on 3-key TDES requires around 2^32 known plaintexts, 2^113 steps, 2^90 single DES encryptions, and 2^88 memory. This is not currently practical..."


    In other words, it's quite safe.

    In addition, per VISA standards we never store the customer's CVV code. We also validate all input for SQL Injection attacks and js injection attacks, and encrypt client passwords using the Microsoft ASP.NET Membership Provider's built-in facility.

    Let me know if you have any other questions,
     


    ---
    Rob
    DotNetInvoice Support
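
The field-level encryption described in the reply above, sketched as an added example (not DotNetInvoice's code and not part of the original posts). It uses the .NET Framework's `TripleDES` class in CBC mode with a fresh IV per record; the class name `CardVault`, the storage layout (IV followed by ciphertext in one column) and the key being held outside the database are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CardVault   // hypothetical name, not DotNetInvoice code
{
    static TripleDES NewCipher(byte[] key)
    {
        TripleDES tdes = TripleDES.Create();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.PKCS7;
        tdes.Key = key;                     // 24 bytes selects 3-key TDES
        return tdes;
    }
    // Returns base64(IV || ciphertext): the column holds everything decryption needs except the key.
    public static string Protect(string pan, byte[] key)
    {
        using (TripleDES tdes = NewCipher(key))
        {
            tdes.GenerateIV();              // fresh 8-byte IV for every record
            byte[] plain = Encoding.ASCII.GetBytes(pan);
            using (ICryptoTransform enc = tdes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
                return Convert.ToBase64String(tdes.IV.Concat(ct).ToArray());
            }
        }
    }
    public static string Unprotect(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        using (TripleDES tdes = NewCipher(key))
        {
            tdes.IV = blob.Take(8).ToArray();   // TDES block size is 64 bits
            using (ICryptoTransform dec = tdes.CreateDecryptor())
                return Encoding.ASCII.GetString(dec.TransformFinalBlock(blob, 8, blob.Length - 8));
        }
    }

    static void Main()
    {
        byte[] key;   // assumption: a real deployment loads this from outside the database
        using (TripleDES t = TripleDES.Create()) { t.GenerateKey(); key = t.Key; }
        string a = Protect("4111111111111111", key);   // constructed test number
        string b = Protect("4111111111111111", key);
        Console.WriteLine(a != b);                     // compares two encryptions of the same number
        Console.WriteLine(Unprotect(a, key));          // round-trips the stored value
    }
}
```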