Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Poor Man's E-Commerce

From: Chester Enright <amunchet () gmail com>
Date: Wed, 7 Apr 2010 13:02:01 -0400
Recently, I was approached by our aftermarket department to build a
way to retrieve order information from our website.

Apparently, other companies in our industry were satisfied to receive
user information (including credit card information) in an email,
print it out, and delete the email.

We felt this was an unacceptable security risk.

The proposed solution is this:
 - The user enters his information on an SSL protected form (despite
the fact that SSL can be broken) on the external web server

 - This form's contents are encrypted in memory (via use of passing
them to an exec call to gpg from the php file...nothing plaintext is
written to disk).
    * The private key is not stored on the external server, but the
signed public key is, so the external server can encrypt, but not
decrypt

 - This encrypted file is written to the disk in a given directory.

 - Our internal server runs a CRON job every hour to retrieve the
contents of this directory; this directory is then wiped in accordance
to DoD standards
    * The CRON script runs a SHA1 hash check on the PHP files to
ensure they have not been tampered with.  If they have, they alert to
admin immediately.

 - On our internal server, the files are decrypted, printed, and then
wiped again according to DoD standards.

Having designed this myself, I don't see any particularly glaring
security holes.

I would appreciate critiques and insights that suggest otherwise.
Is this the best way to handle this sort of information hand off?  I
personally feel the risk is minimal, due to the encryption and short
period of time the information lives on an external machine.

Does anyone have experience doing this sort of thing?  How would one
break into this system to steal credit card information?

Thanks.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: