Ron Johnson wrote: > On 06/04/07 17:54, Guy Rouillier wrote: > >Many people consider two-way encryption to be insecure; two-way > >encryption means you can decrypt a value if you know the key, and it is > >insecure because you usually have to put the key into the source code. > >That means at least one person in your company, the programmer > >maintaining the source code, can learn all of your users' passwords. > > Two-way encryption is needed for companies that store customer > credit cards.
I thought that the advice for companies storing customer CCs was: don't. -- Alvaro Herrera http://www.CommandPrompt.com/ The PostgreSQL Company - Command Prompt, Inc. ---------------------------(end of broadcast)--------------------------- TIP 2: Don't 'kill -9' the postmaster
