tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefán F. Stefánsson <>
Date Wed, 17 Jan 2001 13:35:39 GMT
The only thing you probably need to do is make sure nobody can look at
the credit card information while it's being sent from the client to the
server.  Regular HTTP is text based so everything going over the wire
can actually be read by a person, that person could be mr. Evil Man and
he could therefore see the credit card number in plain text.  So what
you would need to do is encrypt the credit card number before it leaves
the client browser.  The only (IMHO) decent way of doing this is to set
up an SSL connection with the client.  What that means is you encrypt
everything that's going from the client and the server.  This is done by
setting the webserver up to support SSL (HTTP over SSL is called HTTPS
and all urls begin with https://yadiyadiya.bla).  I can't really give
you much more information about how you would set that up since I'm not
very familiar with how to set up parts of websites with https and other
parts with http.  I could tell you how to encrypt all connections coming
in to your website but that is probably a big overhead since you
probably don't need to encrypt everything the user does on the web (what
he/she puts in his/her shopping cart or whatever) but just need to
encrypt the credit card number.  You can find info on Tomcat SSL in

Now if you need to store the credit card encrypted in a database once
the server receives it then you should look at:

The recommended encrypt/decrypt algorithm would be an algorithm called
Tripple DES and you should probably be able to find something about it
somewhere on that site.  Look at the API docs and especially at the
javax.crypto.Cipher class.

Hope this helps at all.

Regards, Stefan

p.s. it would be interesting to know exactly what you were meaning
though... do you need to encrypt the card number to store it in a
database or do you just need to encrypt the communication between

-----Original Message-----
From: Mary McCarthy []
Sent: 17. janúar 2001 02:35

Hi all,
Help badly needed by anyone with ANY information on the foollowing:
I am designing an online booking system using JSP, Java Beans and Tomcat
a project at uni.
Does anyone have any information on how to encrypt a credit card number
Tomcat in mind. Surely there is some code I code take from somewhere to
me. Credit card security is a side project on top of my booking system.
anyone knows of any documentation or code available on the web, please
me as all I can seeem to find is companys offering to selll me their 
security systems for $500!!!!!
A big thanks in advance!!
Get your FREE download of MSN Explorer at

To unsubscribe, e-mail:
For additional commands, email:

View raw message