January 30, 2014 at 5:29 am
Hi,
Please note: this query is applicable to any version of SQL Server - it is a question regarding how data between servers is handled and the timing.
I have set up encryption within a 2005 database for the purposes of protecting credit card information in a single column with a table.
There is an application sitting on a separate machine which accepts user input and then calls a stored procedure in the SQL database to encrypt the data.
My question, and it may sound simple/obvious, is this:
Will the credit card number be transmitted in clear text to the database at which point the application will encrypt it, or is the data encrypted within the application and then transmitted to the database encrypted?
It is quite a subtle point but very important from a PCI-Compliance standpoint.
Many thanks.
Dunc
January 30, 2014 at 5:34 am
Please don't cross post. It just fragments replies and wastes people's time as they answer already answered questions.
No replies to this thread please, direct replies to www.sqlservercentral.com/Forums/Topic1536266-359-1.aspx
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply