|
If you must keep the CC's for an extended period of time (longer that the user stays on your site), then a database is probably the only good way to do this. The key (IMHO) is to secure the database and the numbers to the maximum level possible AND to have a good procedure in place for removing those numbers from the database in a timely manner. You must also keep all the other identifying information as well (name, address, etc.)
Basically, like I said before the key thing is encryption. The other thing you can do in addition to encryption is to further scamble the numbers by keeping various parts of the #'s encrypted in different ways and stored in different columns in a table. If you are using Oracle or SQL Server you can further increase security by using column level security and setting it up so that only a call to a stored procedure with a good (highly random) keycode can retrieve the CC values.
Before I would recommend to a customer to store CCs in a database accessed via web-based systems, I would want to insure that the database itself was properly secured and that the web sites exposing the database were properly secured.
|
|
|
|
|
You might be interested in this book.
Andy Gaskell, MCSD MCDBA
|
|
|
|
|
Howdy, I built an app that used ODBC to write to an SQL database. The client has just turned around and said that they wish to use OLEdb connection strings to tell my app where the server is (instead of ODBC DSNs).
Everything I've found on using OLEDB to access databases, is a whole pile of COM interface stuff with no real world examples. A far cry from the 'CDatabase' simplicity I'm used to.
Can anybody help me with this ?
All I need to do is to write some data via INSERT statements and do a few SELECT statements. I'm looking for some sample code or a tutorial with "real world" examples. Actually, anything that will help me do this in the few hours I have available to change my code.
Thanks to anybody who can help.
Damian Del Campo
|
|
|
|
|
|
Howdy, I downloaded you classes and was using them quite successfully.
*However*, I had to convert my app to UNICODE as the clients require this. Since I've done that, I can't find any way of passing a connection to the CADODatabase. Open method simply doesn't like what I'm passing it (& I'm pressuming all methods will be the same).
I've tried creating a char string and passing that to the database open function but it simply won't work either. All I get is an error message ->
CADODataBase Error
Code:80004005
Code meaning: Unspecified error
Source ||||||||||||||
Description |||||||||||||
Since I'm now passing it the same thing as I was before (char *) it should work, the fact that it doesn't makes me think that UNICODE must affect an include file that the ADO classes depend on in some way.
Do you know how I can get around this ??????
Thanks, Damian Del Campo
|
|
|
|
|
Sorry about that last comment, "my bad".
I won't tell you what the problem was as its rather embarassing.
Sorry again.
Damian
|
|
|
|
|
I just started with Visual C# .NET and I have some difficulties using a simple Acess database to show a table on a datagrid... I searched a lot before posting here. I always get this error even if I know the database is not open anywhere:
The Microsoft Jet database engine cannot open the file 'C:\test.mdb'. It is already opened exclusively by another user, or you need permission to view its data.
They say the error is at the line "adapter.Fill(DataSet);"... That's the only 2 lines I've written.
private void Page_Load(object sender, System.EventArgs e)
{
adapter.Fill(DataSet);
DataGrid1.DataBind();
}
adapter is my oleDbDataAdapter, DataSet is the dataSet that have been generated with the adapter when I ask him to SELECT * FROM CLIENT (where client is the only table in test.mdb)... DataGrid1 is my DataGrid control. I did the exact same thing they say to do in the help files in a walkthrough for data-acess with the datagrid control...
|
|
|
|
|
Crocmort wrote:
private void Page_Load(object sender, System.EventArgs e)
{
adapter.Fill(DataSet);
DataGrid1.DataBind();
}
Do you use it in ASP.NET? So you have to change the property of file and change the permission of file.(with write click on it)
Mazy
"The path you tread is narrow and the drop is shear and very high,
The ravens all are watching from a vantage point near by,
Apprehension creeping like a choo-train uo your spine,
Will the tightrope reach the end;will the final cuplet rhyme?"Cymbaline-Pink Floyd
|
|
|
|
|
Change the permission of the database or the permission of the ASP.NET file?? It's a Web Application project in Visual C#. But when I try the same thing in a Window Application in Visual C# with the DataGrid, it's working perfectly fine... I really don't know why it's not working...
|
|
|
|
|
Crocmort wrote:
Change the permission of the database or the permission of the ASP.NET file??
Permission of database.Then if it does not work then go and change the permission of your ASP.NET project in your IIS in 'Directory' tab of its properties.
Mazy
"The path you tread is narrow and the drop is shear and very high,
The ravens all are watching from a vantage point near by,
Apprehension creeping like a choo-train uo your spine,
Will the tightrope reach the end;will the final cuplet rhyme?"Cymbaline-Pink Floyd
|
|
|
|
|
I think it's because it's a webapplication and my database is located on my harddrive... So since it's a web application on IIS, the script doesnt have the acess to the database on my drive... But even if I put the database on the wwwroot (in IIS) of the project it doesnt work more. This is my connection string, I don't know if I'm doing something wrong, but it was generated by Visual C#...
Provider=Microsoft.Jet.OLEDB.4.0;Password="";User ID=Admin;Data Source=C:\Inetpub\wwwroot\Testing\test.mdb;Mode=ReadWrite|Share Deny None;Extended Properties="";Jet OLEDB:System database="";Jet OLEDB:Registry Path="";Jet OLEDB:Database Password="";Jet OLEDB:Engine Type=5;Jet OLEDB:Database Locking Mode=1;Jet OLEDB:Global Partial Bulk Ops=2;Jet OLEDB:Global Bulk Transactions=1;Jet OLEDB:New Database Password="";Jet OLEDB:Create System Database=False;Jet OLEDB:Encrypt Database=False;Jet OLEDB:Don't Copy Locale on Compact=False;Jet OLEDB:Compact Without Replica Repair=False;Jet OLEDB:SFP=False
If I try to put the Data Source to only test.mdb, it's the same thing as c:\test.mdb...
|
|
|
|
|
Crocmort wrote:
I think it's because it's a webapplication and my database is located on my harddrive...
Yes,you have to change the location to IIS in the directory of your project.
Mazy
"The path you tread is narrow and the drop is shear and very high,
The ravens all are watching from a vantage point near by,
Apprehension creeping like a choo-train uo your spine,
Will the tightrope reach the end;will the final cuplet rhyme?"Cymbaline-Pink Floyd
|
|
|
|
|
The code is wrong
This.myDataGrid.DataSource=this.myDataSet.myTable
|
|
|
|
|
I have managed to (using the power of wizards) create the following SQL/Access code. It basically groups the dates togather and SUM's the total money spent at a particular company for that given month in a columnar fashion.
How would I add to the follwoing code:
SELECT DISTINCTROW Format$([Expense].[Date],"mmmm yyyy") AS [Date By Month], Expense.Company, Sum(Expense.Amount) AS [Sum Of Amount]
FROM Expense
GROUP BY Format$([Expense].[Date],"mmmm yyyy"), Expense.Company, Year([Expense].[Date])*12+DatePart("m",[Expense].[Date])-1;
and make it tally a total of all expeditures also and include a column at the bottom for the TOTAL.
I hope I made sense...
Thanx!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
Do you want to add this as a report, or a module in Access?
More info please.
Nick Parker
|
|
|
|
|
Ummm....i'm not sure...
Basically I created a custom form entered data and then viewed it in table form...ran a Query wizard on the data to show only certain info....in the table view I right clicked on the grid and clicke SQL view....whatever that is I guess would be what I want.
Thanx!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
I have a application that Im working on that I want to be able to write information into different columns and rows of a access database. I really dont care what method is used as long as it gets the job done. The problem is that Im very new to VC and it seems that all the help on MSDN is a little too cryptic for me Can anyone break down a easy way to write to a database. A little detail wouldnt hurt so I can learn from this to.
Thank You,
Sparky
|
|
|
|
|
go to the database forum here on cp and download the ado library by carlos antollini ... it will get you started and the libs make life easier for doing exactly what you are asking
if you have any problems after that just post them here
situations to avoid #37: "good morning ... how many sugars do you take in your coffee ... and what was your name again?"
coming soon: situations to avoid #38: "...and the dog was there too?"
|
|
|
|
|
Thank You for the reply. Ill give that a try.
Sparky
|
|
|
|
|
Hi!
I have a real basic question. Maybe I'm just too stupid to see the obvious...
But how do you delete a database you have created with the Server Explorer of VS.NET? I can find an option to create new databases but no option to delete an existing one?!?
TIA
Martin
PS: VS NET Prof, SQL Server 2000 Desktop engine
"Kein Alkohol ist auch keine Loesung" - Die Toten Hosen
|
|
|
|
|
What does a DSN do exactly...is this seperate from a connection...?
I was told a DSN is a entry in windows registry, which makes sense...but why would hosting services ask how many you want...?
Do I need a unique DSN for each database file I have...?
Is this why they would offer this option...? Also Why would a hosting company ask how much DB space I want/need...?
How is this different from normal domain space...?
Do they keep the DB in a seperate directory, secure away from the root (thus requiring DSN)...?
How is DB and domain space different, or is this just a method of making MORE money...?
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
Hosting services don't usually use Access databases, so stop thinking about "database files". Database servers like MS SQL Server or Oracle don't have 1:1 mapping from databases to files or directories.
|
|
|
|
|
markkuk wrote:
Hosting services don't usually use Access databases
I was orignally using access, but I now understand why sqlserver/mysql is far superior...
markkuk wrote:
Database servers like MS SQL Server or Oracle don't have 1:1 mapping from databases to files or directories.
What does that mean...?
Thanx!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
In big database servers, a database isn't a file or a directory on the filesystem. The server simply gets some space from the OS, either files or sometimes raw disk partitions, and manages all space allocation internally. A single file may contain several databases or a database may be spread among several files, but this isn't visible to the database users.
|
|
|
|
|
I did not know that.
Cool, thanx for the help.
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|