Lawrence D'Oliveiro wrote:
> In message <[EMAIL PROTECTED]>, Steve
> Holden wrote:
>
>>Lawrence D'Oliveiro wrote:
>>
>>>In message <[EMAIL PROTECTED]>, Steve
>>>Holden wrote:
>>>
>>>>Credit card numbers should be encrypted in the database, of course, but
>>>>they rarely are (even by companies whose reputations imply they ought to
>>>>know better).
>>>
>>>How would encryption help? They'd still have to be decrypted to be used.
>>
>>Indeed they would, but with proper key management the probability that
>>they can be stolen from a database in their plaintext form is rather
>>lower. Just last week a police employee in my class told us of an
>>exploit where a major credit card company's web site had been hacked
>>using a SQL injection vulnerability. This is usually done with the
>>intent of gaining access to credit card data.
>
> If they can do that, it doesn't seem much of a step to compromise the code
> that decrypts the credit card data, as well. Keeping it encrypted, when the
> key needs to be kept at the same (in)security level, is just
> security-through-obscurity.

It depends on what level of compromise they obtain through SQL injection.
It does represent a significant additional burden on attackers before
sensitive data becomes known. Clearly if someone mounts a successful
privilege escalation attack then potentially everything on the system is
compromised.

Note further, by the way, that credit card numbers need not necessarily
be decrypted to be used: if you are the credit card processor (rather
than a merchant requiring payment) then you can instead encrypt the card
number provided by the user and use that as your database key.

regards
 Steve
-- 
Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd          http://www.holdenweb.com
Skype: holdenweb      http://holdenweb.blogspot.com
Recent Ramblings     http://del.icio.us/steve.holden
-- 
http://mail.python.org/mailman/listinfo/python-list
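
Added example, not part of the original message or of any poster's code: a sketch of the "use the protected card number as the database key" idea from the reply above. It swaps reversible encryption for a keyed HMAC-SHA256 token, and the key value, table layout and function names are all assumptions made for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. Assumption: in production the key is held in an HSM
# or KMS, never in the database or in the web tier's configuration.
LOOKUP_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize(pan: str) -> str:
    """Strip spaces and dashes so one card always maps to one token."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if not 12 <= len(digits) <= 19:
        raise ValueError("not a plausible card number")
    return digits


def card_token(pan: str, key: bytes = LOOKUP_KEY) -> str:
    """Deterministic keyed token: same card and same key give the same row key."""
    return hmac.new(key, normalize(pan).encode(), hashlib.sha256).hexdigest()


def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (token TEXT PRIMARY KEY, holder TEXT)")
    return db


def enroll(db: sqlite3.Connection, pan: str, holder: str) -> None:
    # Parameterized statement: the value is bound, never spliced into the SQL.
    db.execute("INSERT INTO accounts VALUES (?, ?)", (card_token(pan), holder))


def find_holder(db: sqlite3.Connection, pan: str):
    """Look an account up from a user-supplied number; nothing is decrypted."""
    row = db.execute("SELECT holder FROM accounts WHERE token = ?",
                     (card_token(pan),)).fetchone()
    return row[0] if row else None


def dump(db: sqlite3.Connection):
    """What a read-only SQL injection against this table would return."""
    return db.execute("SELECT token, holder FROM accounts").fetchall()


if __name__ == "__main__":
    db = open_db()
    enroll(db, "4111 1111 1111 1111", "A. Example")  # constructed test number
    print(find_holder(db, "4111-1111-1111-1111"))
    print(dump(db))
```

The token protects the table contents only while the key stays out of reach of whatever the attacker compromised; it does nothing against a compromise of the code that holds the key.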