> I have been set the task of providing the most secure method
> of recording, storing and retrieving data from an e-commerce site
> built using Coldfusion. I've decided on the methods but would
> like some feedback as to whether I'm going the right direction,
> or I'm about to walk off a cliff.
> 
> OK, so the customer has added the goods to the shopping cart and 
> would now like to pay. 
> 
> The order form has a Secure Certificate and as such the data is
> encrypted between the browser and the server. Thawte currently 
> provide 128-bit Supercerts (Strong), would this be required if 
> we were taking credit card details? Or would the 56-bit (Medium) 
> encryption be enough?

I'd recommend the use of the 128-bit cert, largely because there's very
little price difference (if any) while it provides significantly higher
protection (although, in all honesty, it's unlikely that someone will mount
an attack on the encrypted communication between the browser and the server
in any case - it's easier to find a server-side vulnerability and exploit
it).

> I would like to store all the details in my database. Is SQL Server 
> 7 secure enough to store this type of information or would PGP 
> encryption be the way to go? I have looked at the cfx_pgp custom 
> tag and the PGP E-Business Server, this is a very expensive option 
> but is it the best or most practical? To keep us right, a bare minimum
> would be the ColdFusion encryption of the information before it is
> recorded to the database.

Your SQL Server installation can certainly be secured enough to protect your
data, but this may not be especially easy. You can use permissions within
SQL Server to limit who can access this critical data, but you'd have to be
confident that you'd done so effectively. So, encrypting the data before
placing it in SQL Server may increase security, especially if you're
concerned that backup operators and other administrative personnel might be
security concerns, or if you have concerns about physical security.

However, keep in mind that if you allow your application to encrypt and
decrypt this data as needed, then if your application (or web server) is
compromised, the attacker may possess all the necessary information to
decrypt the data.

The most secure solution is to not store the critical data at all on your
web-accessible servers, or the servers that support your web-accessible
servers. This is the solution I'd recommend, if at all possible. If you want
to keep records about transactions, you could build a "one-way" transaction
recording mechanism, which would push the data into a non-web-accessible
storage area.

> At this stage the client would like to retrieve the data using a 
> web based management facility. Again a secure certificate would 
> be required, but is there a need to beef up the general admin login 
> using the application page to verify if a user is logged in? If so 
> what would you suggest?

I would strongly suggest limiting access in every way possible to this
administrative interface:
- allow access only from pre-approved terminals
- use certificates
- use logins with strong passwords

In addition, if possible, don't allow public Internet access to the web
server used to retrieve this data. Don't put it on a publicly-accessible
network at all.

Finally, remember that securing data and servers is a very complex process
which requires attention to detail. It's not just a matter of applying
encryption here and there. Every component, every part of the process needs
to be considered.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
voice: (202) 797-5496
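As an added example (not code from the original post, and not from Fig Leaf Software or ColdFusion), here is one way to build the "one-way" transaction recording mechanism described above so that the caveat about application compromise no longer applies. The web tier is given only a public key: it can seal an order record into storage but cannot open it, because the private key lives solely on the non-web-accessible back-office system. It is written in Go rather than CFML; the function names, the Envelope structure, the OAEP label and the sample order record are my own assumptions.

```go
package main

// Added example, not from the original mailing-list post: a "one-way"
// transaction recording envelope. The web tier holds only the public key,
// so a compromised web server yields ciphertext but no way to read it.

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped key to this purpose (assumed value).
var oaepLabel = []byte("txn-record")

// Envelope is what the web tier pushes into storage: the record encrypted
// under a fresh AES-256-GCM key, plus that key wrapped with RSA-OAEP.
type Envelope struct {
	WrappedKey []byte // AES key encrypted to the back-office public key
	Nonce      []byte // GCM nonce, fresh for every record
	Ciphertext []byte // record ciphertext including the GCM auth tag
}

// GenerateBackOfficeKey runs once on the back-office system. Only the
// public half is ever copied to the web server.
func GenerateBackOfficeKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SealRecord runs on the web tier and needs only the public key.
func SealRecord(pub *rsa.PublicKey, record []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256 key used for this record only
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, record, nil)
	// Wrap the per-record key to the back-office public key. With a
	// 2048-bit key and SHA-256 OAEP the 32-byte key fits comfortably.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// OpenEnvelope runs only on the back-office system holding the private key.
func OpenEnvelope(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, oaepLabel)
	if err != nil {
		return nil, errors.New("cannot unwrap record key: wrong private key or corrupted envelope")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// gcm.Open panics on a wrong-sized nonce, so reject it explicitly.
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("envelope nonce has the wrong length")
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("record failed authentication: tampered or corrupted")
	}
	return pt, nil
}

func main() {
	priv, _ := GenerateBackOfficeKey()
	// Constructed sample record; a real one would hold the order details.
	record := []byte(`{"order":"1001","total":"49.95"}`)
	env, _ := SealRecord(&priv.PublicKey, record)
	pt, _ := OpenEnvelope(priv, env)
	fmt.Printf("back office read: %s\n", pt)
}
```

The design choice worth noting is that nothing on the web server can reverse SealRecord: the symmetric key is random, used once, and only survives in wrapped form, so the attacker described above who compromises the application or web server gets a pile of envelopes and a public key. The private key, the decryption step and the management interface all belong on the non-web-accessible side.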