We need to store credit cards for a limited amount of time because we charge for orders as they ship and occasionally the authorization expires before the item can ship.
I know I can use AES_256 to encrypt our credit cards but I am not sure if all I need to do is follow the directions in the "How-to" for encrypting data.
I created the master key, backed it up off the server the certificate and the symmetric key and I can encrypt and decrypt data.
Is this all I need to do or am I missing something?
table Orders ord_id int ord_CudtomerID int, ord_CardNo char(16)
Example values in table CreditCardRange 1 , 5000 0000 2000 1234 , 5000 0030 3000 1356
Example values in table Orders 1, 1, 5000 0010 2000 2333
Does sql provide any magic finction to help in following select
select T1.* from Orders T1 join CreditCardRange T2 on T2.ccr_CudtomerID = t1.ord_CudtomerID and SQLMagicFunction(T1.ord_CardNo) between SQLMagicFunction(T2.ccr_CardRangeFrom ) and SQLMagicFunction(T2.ccr_CardRangeTo )
Is there any tool available that can encrypt Credit card numbers or other fields stored in the database? For example, when a customer enters his credit card number or his password on the site, is there a way by which the Front end can encrpt the field before storing it in the database and decrypt it when it the customer requests it, through the application?
As part of UK compliance, we are going to start use an encrytption package (GNUPG), which will be running on a different Server to Reporting Services. A program has been written in C#, to handle requests (from mainframe and PC applications) to encrypt/decrypt credit card details. The encrypted card details are held in an NCR Teradata data warehouse, which Reporting Services can access. The encryption can be called using a http://server/folder/program?DATA=
In Reporting Services, a Data Source connection will be made, using an OLE DB .NET connection to the Teradata machine. SQL code will be included, which will link tables and retrieving the required fields for use in the report. I want to call the encryption program to decrypt the card number, so the actual card number can be printed in the body of the report.
There will probably be a requirement to write some parameter selection SQL as well, so a card nmuber can be entered as a report parameter field, which the SQL will have to either encrypt first, then process the SQL statement down the tables.
I am new to SQL Server, DTS etc... But here is the question I have:
I have some files in a folder which have a the yr, month, date appended at the end, for e.g. testfile2005_11_28.log In a folder I have to look for the log files which are named testfileYYYY_MM_DD.log.
Dim item For Each item In logFolder.Files If (UCASE(item.Name) like ("TESTFILE" +"[0-9][0-9][0-9][0- 9]"+"_"+"[0-12][0-12]"+"_"+"[0-3][0-9]" + ".log") )Then msgbox item.Name End For
I am getting compilation error: "Sub or Function not found" in the If statement. Can anyone please help me?
Hi, I am using Visual Studio 2005. I am trying to create a ASP.net website and use a web form to get the results of an enquiry. It is almost the same as the presentation video on this website called "How to Create Data Driven Website", but I have added a new twist to it. I want to use the "LIKE" instead of "=" in my SQL statement and I want to use wild cards in the parameter value that I enter. <form id="form1" runat="server"> <div> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> <% dim str as string = "%" & textbox1.text & "%" </%> <asp:TextBox ID="TextBox2" runat="server" Visible="False" Text=str></asp:TextBox> <asp:Button ID="Button1" runat="server" Text="Submit" Width="87px" BackColor="Khaki" ForeColor="Navy" PostBackUrl="~/Default.aspx" /> and the ControlID of the Datagrid will take in the value of "TextBox2" instead of "TextBox1" as so: <SelectParameters> <asp:ControlParameter ControlID="TextBox2" DefaultValue="SO06000001" Name="SO" PropertyName="Text" Type="String" /> However the syntax above does not work. May I ask what is the correct syntax? Thanks. Peter
I have created two user defined functions for encryption and decryption using passphrase mechanism. When I call encryption function, each time I am getting the different values for the same input. While I searching a particular value, it takes long time to retrieve due to calling decryption function for each row.
best way to encrypt and decrypt using user defined functions.Below is the query which is taking long time.
SELECT ID FROM table WITH (NOLOCK) WHERE dbo.DecodeFunction(column) = 'value'
When I try to use symetric or asymetric encryption, I am not able to put "OPEN SYMETRIC KEY" code in a function. So, I am using PassPhrase mechanism.
I am new to SQL developement ( am .Net developer). I need to implement a stored proc in sql 2005 on CC expiration task.
I have CC exiration date. By using expiration date (like '01/08'),
Conditions are:
1. If CC expiring within 31 days. Stored proc will write the Customer data in EmailNotification table with message type =1. (Customer will not get second notification until 14 days before expiring)
2. If CC expiring within 14 days. Stored proc will write the customer data in EmailNotification table with message type =2. (Customer will not get second notification until 11 days before expiring)
3. If CC expiring within 11 days. Stored proc will write the customer data in EmailNotification table with message type =3. (Customer will not get second notification until 2 days before expiring)
4. If CC expiring within 2 days. Stored proc will write the customer data in EmailNotification table with message type and update orderStatusID to On Hold CC Expired in order table.
My Tables are
1.
TABLE [dbo].[Order]( [OrderID] [int] IDENTITY(1,1) NOT NULL, [CustomerID] [int] NOT NULL, [CustomerCode] [nvarchar](12) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [DateCreated] [datetime] NOT NULL, [DateOrdered] [datetime] NOT NULL, [OrderTypeID] [int] NULL, [OrderStatusID] [int] NULL, [LastProcessDate] [datetime] NULL,
2. CREATE TABLE [dbo].[Payment]( [PaymentID] [int] IDENTITY(1,1) NOT NULL, [OrderID] [int] NOT NULL, [OrderPaymentType] [nvarchar](50) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [PaymentType] [nvarchar](2) COLLATE SQL_Latin1_General_CP1_CI_AS NULL, [CreditCardNumber] [varbinary](max) NULL, [Last4DigitsOfCreditCardNumber] [nvarchar](4) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [ExpirationDate] [varbinary](max) NULL, [CVV2] [varbinary](max) NULL, [Amount] [numeric](18, 2) NOT NULL
3. CREATE TABLE [dbo].[Customer]( [CustomerID] [int] IDENTITY(1,1) NOT NULL, [CustomerCode] AS ([dbo].[udf_FormatCode]('RS',[CustomerID])), [Email] [nvarchar](100) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [FirstName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [MiddleName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [LastName] [nvarchar](20) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL, [DateCreated] [datetime] NOT NULL, [DateModified] [datetime] NOT NULL, [MembershipTypeID] [int] NULL
Please atleast basic structure of stored proc code. It will greatful to me.
I have successfully finish Oracle OCA Exam. Currently I am Microsoft Certified Database administrator(MCDBA) I would like to know there is any way I could use OCA Credit to any Microsoft Exam. If any advice will be helpful.
Thanks Faiz Farazi www.databasetimes.net Best learning center for Microsoft http://www.lascomp.com
Hi friends, i got an issue on my website regarding theft of cc details...sql db contains credit card details table ... it has been hacked by someone...we have analysed that latest cards are misused.. i have tried different scenarios(sql injection) ... what are all the key things have to check and implement .can any one advise please..
Hello there,I just want to ask if storing data in dbase is much better than storing it in the file system? Because for one, i am currenlty developing my thesis which uploads a blob.doc file to a web server (currently i'm using the localhost of ASP.NET) then retrieves it from the local hostAlso i want to know if im right at this, the localhost of ASP.NET is the same as the one of a natural web server on the net? Because i'm just thinking of uploading and downloading the files from a web server. Although our thesis defense didn't require us to really upload it on the net, we were advised to use a localhost on our PC's. I'll be just using my local server Is it ok to just use a web server for storing files than a database?
I have typed a query by combining multiple tables to show sum of TotalReceivedAmount by MRN. It also have payment mode which is paid by cash or credit card. Now the query shows the sum for MRN combining all the payment done by credit card and cash. How am I supposed to show the amount paid by credit card and cash separately?
Here is the query :
SELECT Distinct dbo.CA_Payment.MRN, dbo.CA_Patient.FirstName, dbo.CA_PaymentModeMaster.Description AS PaymentMode, CASE (dbo.CA_Payment.PaymentModeID) WHEN 2 THEN dbo.CA_Payment.CardNumber END AS CreditCardNumber, CASE (CA_Registration.PatientTypeID) WHEN 1 THEN dbo.CA_PatientTypeMaster.Description WHEN 2 THEN dbo.CA_DebtorMaster.DebtorName END AS Debtor,
Hi,A co-worker is creating a vb.net web application which uses theCryptKeeper.dll to encrypt credit card numbers into a sql database.It is my job to pull these encrypted numbers and use the decryptmethod of this dll to show the credit card numbers on a ReportingServices report. I'm not even sure where this should be done. In thesql stored procedure or in the report itself? Any help would begreatly appreciated.Thanks in advance,Amy Bolden
I was wondering if anyone out there knows if it is possible to encrypt a particular field in a table, or encrypt a whole table. The info would remain on my database and not be sent out anywhere, but I just want an extra level of security against anyone who might try to break into the database.
Is there a function that can encryp the data in a table(or certain column)? So if the table or column was query the person would see something like " !#)&%^#@ ". suggestion are welcome.
Is there a way to encrypt the data ( I mean actual data stored in a table)in a SQLServer. I know how to encrypt procedures, views, Net-libraries ......
How to get the encryption of certain characters, such as '12345' or 'hello'. Is any function to take regular characters and return the encryption form of those characters? Please help.
My client requested that the password field of a login table be encrypted using H5 Encryption. I've been searching throughout the net and MSDN for the function or procedure and can't find it. Does anybody know how?
Hello, I am needing to migrate an Access database to Sql Server Express. This database will be distributed as part of a VB 6 application. This database will have some of the columns encrypted. My understanding is that SQL Server Express supports encryption. We will need to be able to run queries on encrypted data like this, with LastName being an encrypted column in the database.
Select LastName from Account where LastName = 'Smith' Select LastName from Account where LastName Like 'Sm%' Update Account Set where LastName = sLastName
Can this be done using SQL Server 2005 Express and VB 6?
hi all, ive download some application, but they encrypt their Stored Proc and some Views.. 1.how to encrypt SP? 2.is it possible to decrypt whateva that encrypted?
Hai I am new to SQL server and working on Encryption.I just want to know whether it is better to encrpt a data in database or in the code itself.I want to encrypt a number and not a text.which one would u suggest RC4 algorithm or pwdencrypt..any one plz reply soon..
Hi, i was wondering if the whole table can be encrypted using MS SQL Server 2005. This at present can be done using third party softwares. Performance won't be an issue.
I am using server 2005 running on a windows server 2003 platform. I am trying to do field encryption using symmetric key implemented by the AES algorithm. I created an AES key and apparently it encrypts the data with no problem, however when I try to retrieve the data after decryption the field is always null. I tried using the same process while using the DES or RC2 algorithm and I could both encrypt and decrypt information, however it does not decrypt for any of the AES algorithm i.e. AES_128, AES_192 and AES_256. Attached is a simple query I used to test it.
create symmetric key CCardKeys with algorithm = aes_192 encryption by password = 'P@s$w0rD'
open symmetric key CCardKeys decryption by password = 'P@s$w0rD'
declare @Id varchar(50) set @Id = encryptbykey(key_guid('CCardKeys'),'Test')
Here is my goal please let me know if it is possible.
I have installed sql express on clients machines. I don't want them to be able to view the sp's or the functions. I would like to go as far as not allowing them to see the tables. I tried with encrption but this is still breakable by the user using the DAC.
UID, name, SSN, phone,address. I need to encrypt all the fields except UID. My company recently moved to sql server 2005 and I have to encrypt old data. We do perform query search based on username and SSN
I have very shallow knowledge of encryption and indexes. I did looked at one of the articles on encrypting data on existing application but could not understand the indexing part(:()
Do i have to define new fields with varbinary as datatype(for ssn, name,phone number) ? I am asking this because in the demo only ssn_index has varbinary and the ssn field is still nvarchar?
