I need to store credit card details on an SQL Server database which will be entered via an ASP.NET (C#) website.
I found this article (http://blog.sb2.fr/post/2008/12/21/Simple-Symmetric-Cryptography-With-C.aspx) which would seem to do the trick; however, I see that to encrypt and decrypt you simply send the value you wish to decrypt and a password.
I'm just wondering where you should store the password? I'm just thinking that in the unlikely event of someone getting access to your web files and database, they would have everything they need to decrypt the information.