Security Basics mailing list archives
Re: Poor Man's E-Commerce
From: Robin Wood <dninja () gmail com>
Date: Thu, 8 Apr 2010 09:32:01 +0100
The one thing that I see that could be a problem is that when you call the exec the parameters passed to the app will show up in a process list so any users on the machine running ps at that time will see all the data. I don't know how much better the php libraries are but they might be worth looking at - http://php.net/manual/en/book.gnupg.php . Also, if someone can get on and modify the php files they can also potentially modify the sha1 so while that is an extra layer it can't be relied on 100% to ensure the files haven't changed. As for the rest of it, I'll let someone with PCI experience comment on that. Robin On 7 April 2010 18:02, Chester Enright <amunchet () gmail com> wrote:
Recently, I was approached by our aftermarket department to build a way to retrieve order information from our website. Apparently, other companies in our industry were satisfied to receive user information (including credit card information) in an email, print it out, and delete the email. We felt this was an unacceptable security risk. The proposed solution is this: - The user enters his information on an SSL protected form (despite the fact that SSL can be broken) on the external web server - This form's contents are encrypted in memory (via use of passing them to an exec call to gpg from the php file...nothing plaintext is written to disk). * The private key is not stored on the external server, but the signed public key is, so the external server can encrypt, but not decrypt - This encrypted file is written to the disk in a given directory. - Our internal server runs a CRON job every hour to retrieve the contents of this directory; this directory is then wiped in accordance to DoD standards * The CRON script runs a SHA1 hash check on the PHP files to ensure they have not been tampered with. If they have, they alert to admin immediately. - On our internal server, the files are decrypted, printed, and then wiped again according to DoD standards. Having designed this myself, I don't see any particularly glaring security holes. I would appreciate critiques and insights that suggest otherwise. Is this the best way to handle this sort of information hand off? I personally feel the risk is minimal, due to the encryption and short period of time the information lives on an external machine. Does anyone have experience doing this sort of thing? How would one break into this system to steal credit card information? Thanks. ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Poor Man's E-Commerce Chester Enright (Apr 07)
- Re: Poor Man's E-Commerce Robin Wood (Apr 12)
- Re: Poor Man's E-Commerce John Morrison (Apr 12)
- Re: Poor Man's E-Commerce Marc-André Laverdière (Apr 14)