I would like to know what security needs to be implemented to legally store customers personal information in a database. e.g. SSN, birthdays, address, etc. Encryption is clearly a given. But is there a certain design and programming requirements?
I would appreciate a link to a site or multiple sites so I can do further research on this topic.
2007-06-26 02:46:09 · 2 answers · asked by Statistics Monkey 2 in Computers & Internet ➔ Security
Well, you can start with SSL adding a SHA-1 which provides access to a 160bit algorythm. Keeping the database on a secured server, which means nobody should have access to it except authorized administrators. Keep the database on a separate machine on its own network. Keep the machine off the internet if at all possible.
2007-06-26 03:21:57 · answer #1 · answered by mcgranem 3 · 0⤊ 0⤋
All I know is you will definitely need an SSL certificate for encryption. It's not legal to do hardly anything personal without it.
2007-06-26 03:05:01 · answer #2 · answered by koreansuperman859 3 · 0⤊ 0⤋