Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Poor Man's E-Commerce

From: Marc-André Laverdière <marcandre.laverdiere () gmail com>
Date: Wed, 14 Apr 2010 10:44:30 +0530
Hi,

Overall good idea. Robin had some good points too. Here are my 2 cents:
1) I'm not sure there is a real need to wipe the ciphertext by DOD standards
2) Please use SHA-256 instead of SHA-1, that's for the sake of
future-proofing. Also, I'd put the hashes in a directory outside your
web root, so that an attacker needs to pwn your entire machine instead
of just your webapp in order to corrupt your processing files.
3) Can you send data to GPG using STDIN instead of a command-line
parameter? I'm no PHP programmer, so I have no clue. But I know that
you can fork() in C and override the STDIN, STDERR and STDOUT
parameters so that you can pass your data to the program w/o
command-line or any IPC mechanisms
4) If you want to be paranoid, you need to make sure your application
doesn't get its memory swapped to disk. That means making the pages
locked in memory. I don't know if PHP allows you to do that

Marc-André LAVERDIÈRE
"Perseverance must finish its work so that you may be mature and
complete, not lacking anything." -James 1:4
mlaverd.theunixplace.com/blog

 /"\
 \ /    ASCII Ribbon Campaign
  X      against HTML e-mail
 / \



2010/4/7 Chester Enright <amunchet () gmail com>:

Recently, I was approached by our aftermarket department to build a
way to retrieve order information from our website.

Apparently, other companies in our industry were satisfied to receive
user information (including credit card information) in an email,
print it out, and delete the email.

We felt this was an unacceptable security risk.

The proposed solution is this:
 - The user enters his information on an SSL protected form (despite
the fact that SSL can be broken) on the external web server

 - This form's contents are encrypted in memory (via use of passing
them to an exec call to gpg from the php file...nothing plaintext is
written to disk).
    * The private key is not stored on the external server, but the
signed public key is, so the external server can encrypt, but not
decrypt

 - This encrypted file is written to the disk in a given directory.

 - Our internal server runs a CRON job every hour to retrieve the
contents of this directory; this directory is then wiped in accordance
to DoD standards
    * The CRON script runs a SHA1 hash check on the PHP files to
ensure they have not been tampered with.  If they have, they alert to
admin immediately.

 - On our internal server, the files are decrypted, printed, and then
wiped again according to DoD standards.

Having designed this myself, I don't see any particularly glaring
security holes.

I would appreciate critiques and insights that suggest otherwise.
Is this the best way to handle this sort of information hand off?  I
personally feel the risk is minimal, due to the encryption and short
period of time the information lives on an external machine.

Does anyone have experience doing this sort of thing?  How would one
break into this system to steal credit card information?

Thanks.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: