Daniel P. Stasinski said:

> The problem with what the customer wants is that the password is
> instantly exposed if the server should ever get hacked.
>
> Check out my ns_encrypt() module that's in CVS. It uses all OpenSSL
> algorithms, a one time pad, and RSA public/private keys. The webserver
> has the public key and some other remote system would have the private
> key.
>
> Daniel

Hi Daniel,

Scott just pointed that out to me. But can you clarify how you envision it being used?

If I understand what you are saying and wrap it through my not enough coffee and I always make things too complex while not really solving the problemifier, then you have two machines:

WS: running the app

PK: server with the private key

The user always sees WS.

User wants to purchase latest version of Snow Crash

User enters Credit Card info, CC.

WS: uses Verisign Payment gateway to charge user for the new virus and drug.

WS encrypts using the public key the CC info and stuffs the encrypted info into local database.

User comes back to WS, and now wants to purchase Dick Clark's 100th anniversary Birthday Video.

WS pulls encrypted info out of db, and sends it to PK for decryption.

PK decrypts it.

WS uses decrypted info to charge user for video with Verisign.

Now the silly h4x0r comes along and steals the db and runs away.

Result: silly h4x0r can do nothing with the db.

So his bigger sister the wiley h4x0r comes back and for as long as she can maintain a cracked system and a script and remain undetected, she can pull decrypted cc info out of pk.

Summary: this mitigates or eliminates the hit & run. Team h4x0r has to either break into two machines, or break into one machine and remain hidden, or break into one machine, and have an insider send the private key along.

The Wiley sysadmin still had best be up on security patches, monitoring logs, intrusion detection, etc.

Do I basically have it or is there a better way to do this?

Thanks,

Jerry

P.S. If tripwire was cheaper to run, I'd probably add some rube goldberg scheme where the WS exposes portions of its fs (/etc/ /sbin etc) to PK via NFS and the PK comes along every five minutes and checksums WS and only ever processes n cards per minute and only if the checksum doesn't change.
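
The PK-side policy sketched in the P.S. above (decrypt at most n cards per minute, and only while the WS checksum is unchanged), as an added example that is not part of the original message or of ns_encrypt. The names `manifest_digest`, `DecryptGate` and `demo` are hypothetical, the file contents are constructed, and the private-key operation is passed in as a callable rather than implemented here.

```python
import hashlib
from collections import deque

def manifest_digest(files):
    """SHA-256 over sorted (path, content-hash) pairs from a WS filesystem snapshot."""
    h = hashlib.sha256()
    for path in sorted(files):
        h.update(path.encode() + b"\0")
        h.update(hashlib.sha256(files[path]).digest())
    return h.hexdigest()

class DecryptGate:
    """PK-side policy: decrypt only while WS matches its baseline, at most n per window."""
    def __init__(self, baseline, max_per_window, window_s=60.0):
        self.baseline = baseline
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.recent = deque()   # timestamps of granted requests
        self.tripped = False    # latched once a WS checksum sweep fails

    def observe(self, digest):
        """Record the result of a periodic checksum sweep of WS."""
        if digest != self.baseline:
            self.tripped = True  # assumption: stays latched until an operator re-baselines

    def request(self, ciphertext, decrypt, now):
        """Return the plaintext, or None if the policy refuses the request."""
        if self.tripped:
            return None
        # Drop grants that have aged out of the sliding window.
        while self.recent and now - self.recent[0] >= self.window_s:
            self.recent.popleft()
        if len(self.recent) >= self.max_per_window:
            return None
        self.recent.append(now)
        return decrypt(ciphertext)

def demo():
    ws = {"/etc/passwd": b"root:x:0:0", "/sbin/init": b"\x7fELF..."}  # constructed snapshot
    gate = DecryptGate(manifest_digest(ws), max_per_window=2)
    fake_decrypt = lambda c: c[::-1]  # placeholder for the private-key operation
    out = [gate.request(b"cba", fake_decrypt, t) for t in (0.0, 1.0, 2.0, 61.0)]
    ws["/sbin/init"] = b"\x7fELF-modified"   # WS changes between sweeps
    gate.observe(manifest_digest(ws))
    out.append(gate.request(b"cba", fake_decrypt, 62.0))
    return out
```

The rate limit bounds how many cards a compromised WS can pull per minute, and the latch bounds how long it can keep pulling once a sweep notices a change; neither helps if the attacker alters nothing that is checksummed.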
