Sep 19th, 2011, 12:25 PM
Actually, I'm afraid not! Right now, there's no encryption done on any fields except Form Tools user account password fields.
Generally it's never a good idea to store credit card information. I know that sometimes it's a necessity, but I'd avoid it if you can.
Quick explanation about why encryption hasn't been added yet.
The thing is, if you were to store credit card info, you'd need to use what's called "two-way encryption", unlike password encryption which is one-way. One-way is far more secure than two-way.
To explain: when you log in, you always type in your password. To confirm that that password is valid, the system encrypts the supplied password and compares it with the encrypted value stored in the database. This way, the saved, encrypted password is never actually decrypted - and in fact, it can't be: that's the purpose of 1-way encryption.
But if you ever need to encrypt other information (like credit cards), it means you want to re-use it later on, which means it'll have to be decrypted later on. Two-way encryption is so limited from a security point of view, it never struck me as worth it... if someone were to get access to your database, they could easily find out the encryption method and decrypt it themselves.
So that's why I haven't bothered adding this feature yet. That said, it would be a relatively easy module to put together, I suppose...
Sorry I couldn't be any help.
- Ben
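The login check described in the post above, as an added example that is not part of the original post and not Form Tools' own code. It uses salted PBKDF2 from Python's standard library as the one-way function, which is an assumption (the post does not say which algorithm Form Tools uses); the function names and the stored-string format are hypothetical.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # One-way derivation: there is no inverse function to call later.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password: str) -> str:
    """Return the string to store in the database instead of the password."""
    salt = os.urandom(16)  # per-account salt: equal passwords store differently
    digest = _derive(password, salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(
        ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify_password(supplied: str, stored: str) -> bool:
    """Login check: re-derive from the supplied password and compare."""
    try:
        scheme, iterations, salt_b64, digest_b64 = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        candidate = _derive(supplied, salt, int(iterations))
    except ValueError:
        return False  # malformed record: fail closed
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    stored = hash_password("correct horse")  # constructed sample password
    print(stored)                            # what a database reader would see
    print(verify_password("correct horse", stored))
    print(verify_password("wrong guess", stored))
```

A credit card field cannot be handled this way, because the stored value has to be turned back into the card number, and that requires a key kept somewhere the application can reach.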