Tuesday, March 23, 2004 07:05 AM
We decided on this...
Form submitted with credit card number (CC#).
CC# encrypted using TripleDES and a reference id inserted in the web-connected DB. Reference id and encrypted CC# shipped to the non-web-connected DB via sockets (yes, there would be a custom sockets server app running on the non-web-connected DB server).
When the time comes for recurring billing, the reference id in the web-connected DB is used to query the DB table in the non-web-connected DB server (again using the custom sockets server), and the encrypted CC# is retrieved by the web app, decrypted and used.
In summary, 3 physical machines would be used: the app server machine, the web-connected DB server and the non-web-connected DB server.
Can you poke a hole in this architecture? If so, let me know.
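The flow the post describes, written out as an added example (this is not the poster's code; no implementation exists on the page). It assumes a constructed 24-byte TripleDES key, a made-up line protocol for the custom sockets server ("PUT"/"GET" request lines with "OK"/"ERR" replies), and leaves the TCP plumbing out: `vault.handle` is the server's per-request logic and `call` is the app-server side of the exchange. Two points the code makes visible that the post leaves implicit: the decryption key has to live on the app server, because that is where the CC# is decrypted, so the split isolates card numbers from a compromise of either database but not of the app server; and the reference id is the only card-related value the web-connected DB holds, so it must be random rather than sequential. TripleDES is used only because the post specifies it; a design started today would use AES.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"strings"
)

// Constructed 24-byte demo key (3-key TripleDES); it exists only on the app server.
var demoKey = []byte("0123456789abcdef01234567")

// vault stands in for the non-web-connected DB: reference id -> hex of encrypted CC#.
type vault struct{ rows map[string]string }

// newReferenceID: 128 random bits as hex, so the id is neither guessable nor sequential.
func newReferenceID() (string, error) {
	b := make([]byte, 16)
	_, err := rand.Read(b)
	return hex.EncodeToString(b), err
}

// encryptCC: TripleDES-CBC with PKCS#7 padding and a fresh random IV prepended.
func encryptCC(key []byte, cc string) ([]byte, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	n := des.BlockSize - len(cc)%des.BlockSize
	pt := append([]byte(cc), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return append(iv, ct...), nil
}

// decryptCC reverses encryptCC; it runs on the app server, the only host holding the key.
func decryptCC(key, blob []byte) (string, error) {
	block, err := des.NewTripleDESCipher(key)
	if err != nil || len(blob) < 2*des.BlockSize || len(blob)%des.BlockSize != 0 {
		return "", fmt.Errorf("bad key or blob length: %v", err)
	}
	pt := make([]byte, len(blob)-des.BlockSize)
	cipher.NewCBCDecrypter(block, blob[:des.BlockSize]).CryptBlocks(pt, blob[des.BlockSize:])
	if n := int(pt[len(pt)-1]); n >= 1 && n <= des.BlockSize {
		return string(pt[:len(pt)-n]), nil
	}
	return "", fmt.Errorf("bad padding")
}

// handle is the per-request logic of the custom sockets server on the vault host (TCP
// plumbing left out). Assumed line protocol: "PUT <refid> <hexblob>" -> "OK";
// "GET <refid>" -> "OK <hexblob>"; anything else -> "ERR". No key here: blobs stay opaque.
func (v *vault) handle(req string) string {
	f := strings.Fields(req)
	switch {
	case len(f) == 3 && f[0] == "PUT":
		v.rows[f[1]] = f[2]
		return "OK"
	case len(f) == 2 && f[0] == "GET" && v.rows[f[1]] != "":
		return "OK " + v.rows[f[1]]
	}
	return "ERR"
}

// call is the app-server side: send one request line, decode the payload of an OK reply.
func call(v *vault, req string) ([]byte, error) {
	reply := v.handle(req)
	if !strings.HasPrefix(reply, "OK") {
		return nil, fmt.Errorf("vault replied %q", reply)
	}
	return hex.DecodeString(strings.TrimSpace(strings.TrimPrefix(reply, "OK")))
}

// storeAndRecover runs the flow end to end: encrypt at form submission, PUT to the
// vault, keep only refID on the web side, then GET and decrypt at billing time.
func storeAndRecover(v *vault, cc string) (refID, recovered string, err error) {
	refID, err = newReferenceID()
	var blob []byte
	if err == nil {
		blob, err = encryptCC(demoKey, cc)
	}
	if err == nil {
		_, err = call(v, "PUT "+refID+" "+hex.EncodeToString(blob))
	}
	if err == nil { // billing run: the web side knows only refID, never the card
		blob, err = call(v, "GET "+refID)
	}
	if err == nil {
		recovered, err = decryptCC(demoKey, blob)
	}
	return
}
```

To run it, construct `v := &vault{rows: map[string]string{}}` and call `storeAndRecover(v, "4111111111111111")` (a constructed test number); the vault row stays a hex ciphertext that differs on every submission because of the random IV, and the card comes back only after the app server's decrypt step.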