
Data Encryption



Overview:

The store site encrypts a number of fields stored in the database, primarily credit card numbers, user IDs and passwords. Cookies are also used by the store. We do NOT describe our security here, but developers can read the code to determine this as appropriate. To support this encryption, you must enter an Encrypt Key in the web.config. We do not assign you an Encrypt Key; you need to create one for your store.

Customer password encryption is controlled by the AppConfig:EncryptPassword parameter. When it is "true", passwords are encrypted in the database using the EncryptKey from your web.config file, and the system converts existing passwords to "encrypted" the next time each user logs in.

Note that changing the EncryptKey value will invalidate ALL encrypted data in your database. You won't be able to go back, because some data is likely to have been encrypted with the new key. There is NO back door for us to later decrypt data if you change or lose your EncryptKey. You make up your own EncryptKey; treat it like a special password. We do not assign your EncryptKey. You need to create one.

The Encrypt Key should be at least ten (10) alphanumeric characters long (e.g. LKFEWR4343FLKER).

To set your EncryptKey, click here.
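The following is an added example, not part of the original documentation or the product's own code: it generates a random EncryptKey that meets the length rule above and checks the key currently in a web.config, flagging the sample key printed on this page. It assumes the key is stored as an `EncryptKey` entry under `<appSettings>`; the function names and the sample file are constructed for illustration.

```python
import secrets
import string
import xml.etree.ElementTree as ET

ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 10                      # minimum stated on this page
DOC_SAMPLE_KEY = "LKFEWR4343FLKER"   # the page's example key; public, so never deploy it

# Constructed sample; assumes the key lives in <appSettings> as key="EncryptKey".
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="EncryptKey" value="LKFEWR4343FLKER" />
  </appSettings>
</configuration>"""

def generate_encrypt_key(length=32):
    """Return a random alphanumeric key drawn from the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"EncryptKey must be at least {MIN_LENGTH} characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def read_encrypt_key(web_config_xml):
    """Return the EncryptKey value from web.config text, or None if absent."""
    root = ET.fromstring(web_config_xml)
    for add in root.findall("./appSettings/add"):
        if add.get("key") == "EncryptKey":
            return add.get("value")
    return None

def check_encrypt_key(key):
    """Return a list of problems with the key; an empty list means it passes."""
    if not key:
        return ["EncryptKey is missing or empty"]
    problems = []
    if len(key) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if any(c not in ALPHABET for c in key):
        problems.append("contains non-alphanumeric characters")
    if key.upper() == DOC_SAMPLE_KEY:
        problems.append("is the sample key printed in the documentation")
    if len(set(key)) < MIN_LENGTH // 2:
        problems.append("too few distinct characters; looks hand-typed or repeated")
    return problems

if __name__ == "__main__":
    print("current key:", check_encrypt_key(read_encrypt_key(SAMPLE_WEB_CONFIG)))
    print("new key:", generate_encrypt_key())
```

Generate the key once, before any data is encrypted, and store a copy outside the web server, since a changed or lost key leaves existing data unreadable.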

 

Important Reminder: Always perform RESET CACHE when you make changes in your AppConfig Parameters.


   



   Copyright © 1995-2006 All rights reserved.