Security Basics mailing list archives

Re: Poor Man's E-Commerce


From: Robin Wood <dninja () gmail com>
Date: Thu, 8 Apr 2010 09:32:01 +0100

The one thing that I see that could be a problem is that when you call
the exec the parameters passed to the app will show up in a process
list so any users on the machine running ps at that time will see all
the data. I don't know how much better the php libraries are but they
might be worth looking at - http://php.net/manual/en/book.gnupg.php .

Also, if someone can get on and modify the php files they can also
potentially modify the sha1 so while that is an extra layer it can't
be relied on 100% to ensure the files haven't changed.

As for the rest of it, I'll let someone with PCI experience comment on that.

Robin

On 7 April 2010 18:02, Chester Enright <amunchet () gmail com> wrote:
Recently, I was approached by our aftermarket department to build a
way to retrieve order information from our website.

Apparently, other companies in our industry were satisfied to receive
user information (including credit card information) in an email,
print it out, and delete the email.

We felt this was an unacceptable security risk.

The proposed solution is this:
 - The user enters his information on an SSL protected form (despite
the fact that SSL can be broken) on the external web server

 - This form's contents are encrypted in memory (via use of passing
them to an exec call to gpg from the php file...nothing plaintext is
written to disk).
    * The private key is not stored on the external server, but the
signed public key is, so the external server can encrypt, but not
decrypt

 - This encrypted file is written to the disk in a given directory.

 - Our internal server runs a CRON job every hour to retrieve the
contents of this directory; this directory is then wiped in accordance
with DoD standards
    * The CRON script runs a SHA1 hash check on the PHP files to
ensure they have not been tampered with.  If they have, it alerts the
admin immediately.

 - On our internal server, the files are decrypted, printed, and then
wiped again according to DoD standards.

Having designed this myself, I don't see any particularly glaring
security holes.

I would appreciate critiques and insights that suggest otherwise.
Is this the best way to handle this sort of information hand off?  I
personally feel the risk is minimal, due to the encryption and short
period of time the information lives on an external machine.

Does anyone have experience doing this sort of thing?  How would one
break into this system to steal credit card information?

Thanks.
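Two of the points in this exchange can be shown in code: Robin's observation that data passed to exec as a parameter is visible in the process list, and his caveat that a SHA1 check is only as good as the place the reference hashes are kept. The following PHP is an added example written for this archive page; it is not code from either poster. It assumes gpg is on the PATH, PHP 7.4 or later (the array form of proc_open, which runs gpg without a shell), the PECL gnupg extension for the second encrypt variant, and that the internal server's cron job works on a fetched copy of the web server's PHP files. ORDERS_KEY_ID and the directory paths are placeholders.

```php
<?php
// Added example for this thread, not code from either poster.
// Placeholders: ORDERS_KEY_ID is the id of the internal server's public key;
// paths are illustrative. Requires gpg on PATH and PHP >= 7.4.

const ORDERS_KEY_ID = 'PLACEHOLDER-KEY-ID';   // placeholder, not a real key id

/**
 * Encrypt submitted order data to the internal server's public key.
 * The plaintext is written to gpg on stdin, never placed in argv, so it is
 * not visible in `ps` to other local users; only the recipient id is, and
 * that is not secret.
 */
function encryptOrder(string $plaintext, string $recipient = ORDERS_KEY_ID): string
{
    $cmd  = ['gpg', '--batch', '--yes', '--armor', '--trust-model', 'always',
             '--encrypt', '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                       // EOF tells gpg the input is complete
    $cipher = stream_get_contents($pipes[1]);
    $errors = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $cipher;
}

/**
 * Same operation through the PECL gnupg extension Robin links to. It calls
 * gpgme in-process, so there is no child process and no argv at all.
 */
function encryptOrderWithExtension(string $plaintext, string $fingerprint): string
{
    $gpg = new gnupg();
    $gpg->seterrormode(gnupg::ERROR_EXCEPTION);
    $gpg->addencryptkey($fingerprint);
    return $gpg->encrypt($plaintext);
}

/** SHA1 of every .php file under $webroot; run once at deploy time. */
function buildManifest(string $webroot): array
{
    $manifest = [];
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($webroot, FilesystemIterator::SKIP_DOTS));
    foreach ($iter as $file) {
        if ($file->getExtension() === 'php') {
            $rel = substr($file->getPathname(), strlen(rtrim($webroot, '/')) + 1);
            $manifest[$rel] = sha1_file($file->getPathname());
        }
    }
    ksort($manifest);
    return $manifest;
}

/**
 * Compare a copy of the web server's files against the manifest. The manifest
 * must be loaded from storage on the internal server, never from the web
 * server: an attacker who can edit the PHP files there could edit the
 * hashes too, which is the weakness Robin describes.
 * Returns a list of problems; an empty list means everything matched.
 */
function checkIntegrity(array $manifest, string $webroot): array
{
    $problems = [];
    foreach ($manifest as $rel => $expected) {
        $path = rtrim($webroot, '/') . '/' . $rel;
        if (!is_file($path)) {
            $problems[] = "$rel: missing";
        } elseif (!hash_equals($expected, sha1_file($path))) {
            $problems[] = "$rel: modified";
        }
    }
    foreach (buildManifest($webroot) as $rel => $_) {
        if (!isset($manifest[$rel])) {
            $problems[] = "$rel: not in manifest";   // a dropped-in file counts too
        }
    }
    return $problems;
}
```

On the internal server the cron job would call checkIntegrity() with the manifest decoded from its own storage and a freshly fetched copy of the web root, and raise the alert when the returned list is non-empty. Note that piping through stdin only removes the argv exposure; the PHP worker still holds the plaintext in memory until the request ends, which is the in-memory window the original design already accepts.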



