Security Basics mailing list archives
Re: Poor Man's E-Commerce
From: Marc-André Laverdière <marcandre.laverdiere () gmail com>
Date: Wed, 14 Apr 2010 10:44:30 +0530
Hi,

Overall good idea. Robin had some good points too. Here are my 2 cents:

1) I'm not sure there is a real need to wipe the ciphertext by DOD standards.

2) Please use SHA-256 instead of SHA-1, that's for the sake of future-proofing. Also, I'd put the hashes in a directory outside your web root, so that an attacker needs to pwn your entire machine instead of just your webapp in order to corrupt your processing files.

3) Can you send data to GPG using STDIN instead of a command-line parameter? I'm no PHP programmer, so I have no clue. But I know that you can fork() in C and override the STDIN, STDERR and STDOUT parameters so that you can pass your data to the program w/o command-line or any IPC mechanisms.

4) If you want to be paranoid, you need to make sure your application doesn't get its memory swapped to disk. That means making the pages locked in memory. I don't know if PHP allows you to do that.

Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog

/"\
\ /  ASCII Ribbon Campaign
 X   against HTML e-mail
/ \

2010/4/7 Chester Enright <amunchet () gmail com>:
Recently, I was approached by our aftermarket department to build a way to retrieve order information from our website. Apparently, other companies in our industry were satisfied to receive user information (including credit card information) in an email, print it out, and delete the email. We felt this was an unacceptable security risk.

The proposed solution is this:

- The user enters his information on an SSL protected form (despite the fact that SSL can be broken) on the external web server.
- This form's contents are encrypted in memory (via use of passing them to an exec call to gpg from the php file... nothing plaintext is written to disk).
  * The private key is not stored on the external server, but the signed public key is, so the external server can encrypt, but not decrypt.
- This encrypted file is written to the disk in a given directory.
- Our internal server runs a CRON job every hour to retrieve the contents of this directory; this directory is then wiped in accordance with DoD standards.
  * The CRON script runs a SHA1 hash check on the PHP files to ensure they have not been tampered with. If they have, it alerts the admin immediately.
- On our internal server, the files are decrypted, printed, and then wiped again according to DoD standards.

Having designed this myself, I don't see any particularly glaring security holes. I would appreciate critiques and insights that suggest otherwise. Is this the best way to handle this sort of information hand off? I personally feel the risk is minimal, due to the encryption and short period of time the information lives on an external machine.

Does anyone have experience doing this sort of thing? How would one break into this system to steal credit card information?

Thanks.
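Worked example, added to this archived thread and not part of either message: the answer to point 3 of the reply is yes. PHP's proc_open() lets the web app hand the form contents to gpg over the child's STDIN, so the plaintext never appears in the process argument list (where any local user can read it with ps or /proc/<pid>/cmdline) and is never written to disk unencrypted, which is what the original design wanted from exec(). Assumptions made here: gpg is on PATH, the recipient's public key has already been imported into the web user's keyring, $recipient is that key's ID, $spoolDir is a hypothetical spool directory outside the web root, and the array form of proc_open() is used (PHP 7.4 or later).

```php
<?php
// Example code, not from the original thread. Encrypts $plaintext for
// $recipient by piping it to gpg's STDIN and collecting the ASCII-armored
// ciphertext from STDOUT. Nothing sensitive goes on the command line.

function encryptForRecipient(string $plaintext, string $recipient): string
{
    $cmd = [
        'gpg', '--batch', '--yes', '--armor',
        '--trust-model', 'always',       // assumption: key was verified when imported
        '--encrypt', '--recipient', $recipient,
    ];
    $spec = [
        0 => ['pipe', 'r'],  // child's STDIN  <- plaintext is written here
        1 => ['pipe', 'w'],  // child's STDOUT -> ciphertext
        2 => ['pipe', 'w'],  // child's STDERR -> gpg diagnostics
    ];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                  // EOF tells gpg the input is complete

    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    if ($status !== 0 || $ciphertext === '') {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $ciphertext;
}

// Writes the ciphertext into the spool directory the internal server polls,
// with an unpredictable name and owner-only permissions.
function spoolCiphertext(string $ciphertext, string $spoolDir): string
{
    $path = $spoolDir . '/' . bin2hex(random_bytes(16)) . '.asc';
    if (file_put_contents($path, $ciphertext, LOCK_EX) === false) {
        throw new RuntimeException('could not write spool file');
    }
    chmod($path, 0600);
    return $path;
}

// Usage from the form handler. $_POST fields and both paths are placeholders.
$recipient = 'orders@example.invalid';          // hypothetical key ID
$spoolDir  = '/var/spool/orders';               // hypothetical, outside the web root
$order     = json_encode($_POST, JSON_THROW_ON_ERROR);
$path      = spoolCiphertext(encryptForRecipient($order, $recipient), $spoolDir);
unset($order);                                  // drop our own copy of the plaintext
```

Writing all of STDIN before reading STDOUT is fine for a form-sized payload; for input larger than the pipe buffer you would interleave the writes and reads (or use stream_select()) to avoid a deadlock. This does not address point 4: PHP gives no way to lock its heap pages, so the plaintext can still be swapped out while the request is being handled.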
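A second added example, again not part of the original thread, for point 2 of the reply and the hash check in the original design: a cron-run PHP script that compares every .php file under the web root against a SHA-256 manifest stored outside the web root. Keeping the manifest outside the web root means an attacker who can only write through the web application cannot silently update the expected hashes along with the files. All paths below are hypothetical; the manifest is assumed to have been generated once from a known-good tree and to be writable only by root.

```php
<?php
// Example code, not from the original thread. Run from cron as
// `php verify.php`; exits non-zero (and logs the details) when any file
// is modified, missing, or unexpectedly present.

function buildManifest(string $webRoot): array
{
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($webRoot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if ($file->isFile() && $file->getExtension() === 'php') {
            $rel = substr($file->getPathname(), strlen($webRoot) + 1);
            $hashes[$rel] = hash_file('sha256', $file->getPathname());
        }
    }
    ksort($hashes);
    return $hashes;
}

// Returns a list of human-readable problems; empty means the tree matches.
function verifyManifest(string $webRoot, array $expected): array
{
    $problems = [];
    $actual = buildManifest($webRoot);
    foreach ($expected as $rel => $hash) {
        if (!isset($actual[$rel])) {
            $problems[] = "missing: $rel";
        } elseif (!hash_equals($hash, $actual[$rel])) {
            $problems[] = "modified: $rel";
        }
    }
    // Files present on disk but absent from the manifest (e.g. a dropped
    // script) are reported too; a plain per-file check would miss them.
    foreach (array_diff_key($actual, $expected) as $rel => $_) {
        $problems[] = "unexpected: $rel";
    }
    return $problems;
}

$webRoot      = '/var/www/orders';              // hypothetical
$manifestPath = '/etc/orders/manifest.json';    // hypothetical, outside the web root

if (($argv[1] ?? '') === '--generate') {
    // One-time step on a known-good tree; output goes to stdout so the
    // operator can place it at $manifestPath with root-only permissions.
    echo json_encode(buildManifest($webRoot), JSON_PRETTY_PRINT), "\n";
    exit(0);
}

$expected = json_decode(file_get_contents($manifestPath), true, 512, JSON_THROW_ON_ERROR);
$problems = verifyManifest($webRoot, $expected);
if ($problems) {
    error_log("integrity check failed:\n" . implode("\n", $problems));
    exit(1);                                    // cron reports the failure to the admin
}
```

The check only covers the PHP sources, as in the original design; web-server configuration, .htaccess files and the PHP interpreter itself are outside its scope, so a full-machine compromise (the case the reply distinguishes from a webapp-only compromise) would still need host-level monitoring.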
Current thread:
- Poor Man's E-Commerce Chester Enright (Apr 07)
- Re: Poor Man's E-Commerce Robin Wood (Apr 12)
- Re: Poor Man's E-Commerce John Morrison (Apr 12)
- Re: Poor Man's E-Commerce Marc-André Laverdière (Apr 14)