On 5/19/06, Lawrence Kennon <[EMAIL PROTECTED]> wrote:

For an ecommerce site where sensitive data is stored
either in files, or in a database, have you used some
form of encryption to protect your customer's data?

I have a client who currently uses a Perl scripted
shopping cart that stores orders (including credit
card numbers) in plain text files on a shared server.
The security of these files depends purely on the
user/file system security measures enforced by the
hosting company (which I think is a reasonably good
company, but still I don't see it as being
sufficiently secure).

I am going to rewrite the shopping cart using PHP and
was looking into ways to protect the data. Using GNU
Privacy Guard (gpg) seemed like the ideal method
because I could store the client's public key on the
server to encrypt orders and the customer could then
download the encrypted files and decrypt them on his
PC with his private key (the client manually submits
orders through his "store front" merchant account). I
know this is a somewhat archaic procedure but it works
sufficiently well for this client.

However the hosting company won't support gpg so that
leaves me with PHP mcrypt functions which I think
would work very well, except for one thing - how to
protect the secret key which now has to be on the
server?

Any ideas/suggestions/experience along that line?

Thanks in advance,

Lawrence Kennon



Lawrence, from the very start, if you're on a shared-server, security is
going to be compromised to a large degree.  Hopefully your server at least
uses suexec or suphp to prevent other people's scripts reading your data.
If not, i'd say look for a new host immediately.

As for your private key, step 1 is definitely to keep it outside your
doc_root, Step 2 is to give it really restrictive permissions like 400 or
600.  I'm not entirely sure how much you can really do above that on a
shared server.

If you can convince your clients that security is a top-priority on this
project, talk about getting a dedicated box so that your first-level of
defense is simply "nobody else is on the box", then you can worry a little
bit less about your private key being stolen.

--
Scott Hurring [scott dot hurring dot lists at gmail dot com]
http://hurring.com/
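The design Lawrence describes (only the merchant's public key on the host, orders decrypted offline with the private key) and Scott's placement advice (key file outside the document root with mode 400 or 600), as one added example that is not code from either poster. It uses the openssl command-line tool instead of gpg, since that is the part the host refused. Everything in it is an assumption: the paths, the hybrid construction (per-order AES-256-CBC key wrapped with RSA-OAEP, ciphertext authenticated with HMAC-SHA256), the function names, and the constructed sample order.

```shell
#!/bin/sh
# Added example, not from the thread. Only merchant.pub ever sits on the web
# host; merchant.key stays on the merchant's PC. All paths are assumed.
set -eu

# Runs on the merchant's PC, not the host (here only to keep the demo self-contained).
gen_merchant_keypair() {   # gen_merchant_keypair <dir>
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/merchant.key" 2>/dev/null
    chmod 400 "$1/merchant.key"
    openssl pkey -in "$1/merchant.key" -pubout -out "$1/merchant.pub" 2>/dev/null
}

# Host side. Fresh AES key, HMAC key and IV per order; CBC alone is malleable, so the
# ciphertext gets an HMAC-SHA256 tag (encrypt-then-MAC). The key material is wrapped
# with the merchant's RSA public key using OAEP; 162 bytes fits under the 2048-bit limit.
encrypt_order() {   # encrypt_order <plaintext_file> <merchant.pub> <outdir> <order_id>
    enc_hex=$(openssl rand -hex 32)
    mac_hex=$(openssl rand -hex 32)
    iv_hex=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$enc_hex" -iv "$iv_hex" -in "$1" -out "$3/$4.bin"
    openssl dgst -sha256 -mac HMAC -macopt "hexkey:$mac_hex" < "$3/$4.bin" \
        | awk '{print $NF}' > "$3/$4.tag"
    printf '%s:%s:%s' "$enc_hex" "$mac_hex" "$iv_hex" \
        | openssl pkeyutl -encrypt -pubin -inkey "$2" \
              -pkeyopt rsa_padding_mode:oaep -out "$3/$4.key"
    # The caller should delete the plaintext order once this returns.
}

# Merchant side: unwrap the key material, verify the tag first, then decrypt.
decrypt_order() {   # decrypt_order <merchant.key> <dir> <order_id> <plaintext_out>
    blob=$(openssl pkeyutl -decrypt -inkey "$1" -pkeyopt rsa_padding_mode:oaep -in "$2/$3.key")
    enc_hex=${blob%%:*}
    rest=${blob#*:}
    mac_hex=${rest%%:*}
    iv_hex=${rest#*:}
    want=$(openssl dgst -sha256 -mac HMAC -macopt "hexkey:$mac_hex" < "$2/$3.bin" | awk '{print $NF}')
    got=$(cat "$2/$3.tag")
    if [ "$want" != "$got" ]; then
        echo "order $3: MAC mismatch, ciphertext altered or wrong key" >&2
        return 1
    fi
    openssl enc -d -aes-256-cbc -K "$enc_hex" -iv "$iv_hex" -in "$2/$3.bin" -out "$4"
}

# The reply's advice as a check: owned by the current user, no group/other bits at all
# (i.e. 400 or 600), and not under the document root even after resolving symlinks.
check_key_file() {   # check_key_file <file> <docroot>: returns 0 only if all three hold
    f=$(realpath "$1")
    d=$(realpath "$2")
    case "$f" in "$d"/*) echo "$1: inside doc root $2" >&2; return 1;; esac
    perms=$(ls -ld "$f" | cut -c5-10)          # group+other columns of e.g. -rw-------
    [ "$perms" = "------" ] || { echo "$1: group/other bits set ($perms), want 400 or 600" >&2; return 1; }
    owner=$(ls -ld "$f" | awk '{print $3}')
    [ "$owner" = "$(id -un)" ] || { echo "$1: owned by $owner, not $(id -un)" >&2; return 1; }
    return 0
}

# Demo with constructed data. Both "sides" share one temp dir only for the demo.
WORK=$(mktemp -d)
mkdir -p "$WORK/public_html" "$WORK/private" "$WORK/merchant_pc"
chmod 700 "$WORK/private"
gen_merchant_keypair "$WORK/merchant_pc"                 # merchant's PC
cp "$WORK/merchant_pc/merchant.pub" "$WORK/private/"     # the only key the host receives
chmod 600 "$WORK/private/merchant.pub"
printf 'order 1001\ncard 4111111111111111 exp 12/09\n' > "$WORK/order1001.txt"   # constructed
encrypt_order "$WORK/order1001.txt" "$WORK/private/merchant.pub" "$WORK/private" 1001
check_key_file "$WORK/private/merchant.pub" "$WORK/public_html" && echo "key placement OK"
decrypt_order "$WORK/merchant_pc/merchant.key" "$WORK/private" 1001 "$WORK/merchant_pc/order1001.txt"
cmp "$WORK/order1001.txt" "$WORK/merchant_pc/order1001.txt" && echo "round trip OK"
```

With this layout the worst a neighbour on the shared box can get from the host is a public key and ciphertext, which is the property the gpg plan was after; Scott's advice still applies to the public key's directory, since a writable public key lets an attacker substitute their own. The same construction is available from PHP through the openssl extension if the host enables it; the plaintext order file should be removed as soon as it is encrypted.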
