Re: [PHP] Encryption Advice
--- Rory Browne <[EMAIL PROTECTED]> wrote:

> It's better if, when it comes to time
> to checkout, you redirect your client
> to your Payment Service Providers (PSP's)
> website, your PSP processes the payment,
> and redirects the client back to your
> site. The PSP would then contact you
> directly to confirm the payment.
> That way there is no CC info on your
> server for you to protect.

I really appreciate all the advice people have given. So the following questions are designed to try to fully understand the scenario and what the customer sees from their viewpoint.

The site that I am trying to fix is absolutely awful right now. It is certainly not a high volume site, although I do think if properly designed it could do a lot more business than it does. It is the site of a self-published author and I think most people who buy his books go to Amazon to buy them because the shopping cart is so bad (he did it himself years ago, and he is not any kind of web designer or programmer).

The site uses the Hassan Shopping Cart which is a Perl script. Looking at the script it appears that it can support some sort of credit card authorization. But the way he has it set up now it just writes each order to a plain text file in a "secure" subdirectory (obviously a very bad idea) and sends him an email that tells him he has an order on the site to process. His hosting site is discontinuing support for the Hassan Shopping Cart, but does support Cardservice International.

So let's say that I want to integrate a shopping cart with a PSP, right up to the moment they get to the checkout, they see my client's URL. They hit the "Checkout" button and then they will see the URL of the PSP? Then once they place the order then they are redirected back to my client's site and see that URL again? Is that an accurate description of how it works? Do you normally have control over the "look and feel" of how the checkout looks on the PSP site?

Excuse me if these are really basic questions, but I haven't done this before. :)

Thanks again,
Lawrence Kennon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Encryption Advice
--- Koen Martens <[EMAIL PROTECTED]> wrote:

> But your unencrypted data is there, so someone could
> possibly snoop
> that from the insecure memory.

This is true. I am going to ask the hosting company to setuid gpg as root. That should solve one problem (from gpg docs):

"This is necessary to lock memory pages. Locking memory pages prevents the operating system from writing them to disk and thereby keeping your secret keys really secret."

But just out of curiosity, let's assume you are running a shopping cart which takes credit cards and passes them on to whomever approves them and you don't _ever_ write this info to files. Aren't you also vulnerable to someone being able to "snoop memory" on your process for sensitive information? I mean at some point some program on the server has to take the customer's credit card, and that info is in memory somewhere until you get the approval. Isn't that true?

Thanks!,
Lawrence Kennon
RE: [PHP] Encryption Advice
First off, thanks to the folks who replied with advice. I am mulling over your advice (and I greatly appreciate it!). I have been doing PHP programming for a couple years, including secure sites, but this is my first ecommerce venture, so I am trying to learn as much as I can. Also it is for a friend and I figure the learning is my payment. :)

In regards to GNU Privacy Guard (gpg), I did actually manage to get that to work in the hosting environment (without the help of the hosting support folks! :). I use a directive to tell gpg to not warn me about "using insecure memory" but since no private keys reside on this host I think I can safely ignore that (they can't steal what is not there).

The real difficulty is that the httpd process runs as an id different than my logon account and I have no shell access. What I did to get around that was to create a subdirectory .gnupg from my html root and ftp'd my pubring.gpg (public key ring) and trustdb.gpg (trust database) into that subdirectory. I secured that wide open (after all, it is a _public_ keyring) cause otherwise gpg will fail. Then I coded the php program to send a command like this using shell_exec:

    /usr/bin/gpg -a -e -r 'mykeyname' --no-default-keyring --keyring /home/users/web/myhome/.gnupg/pubring.gpg --no-secmem-warning /home/users/web/myhome/ayres

In the above the last file "ayres" is the file to encode and the result of the above is a file ayres.asc which is encoded and ready to be mailed. I used the --no-default-keyring and --keyring to point gpg to the keyrings I ftp'd up to the .gnupg subdirectory.

Anyway that worked, and on downloading the encoded file I could decode it with the secret key. Don't know if I will use this approach yet, but it was fun to figure out that it could be done! :)

Thanks to all who gave advice! Again, I will give some thought to that, and I very much appreciate advice from people who have "been there, done that"!

Lawrence Kennon
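
An added example, not code from the original message: one way to run the same gpg flags from PHP while passing the order text on standard input, so no plaintext file such as "ayres" is left in a web-readable directory. The function name, the --batch flag, the fingerprint pinning and the placeholder values are assumptions of this example (PHP 7 or later, order-sized input).

```php
<?php
// Added example: encrypt to a public key without writing plaintext to disk.
const GPG_BIN = '/usr/bin/gpg';   // path taken from the message above

function gpg_encrypt(string $plaintext, string $keyring, string $fingerprint): string
{
    // Pin the recipient by full fingerprint: a key dropped into a writable
    // keyring under a look-alike name is then never selected.
    if (!preg_match('/^[0-9A-F]{40}$/', $fingerprint)) {
        throw new InvalidArgumentException('recipient must be a 40-hex-digit fingerprint');
    }
    if (!is_readable($keyring)) {
        throw new RuntimeException('keyring not readable');
    }

    // Every variable part is shell-escaped; the flags mirror the message's command.
    $cmd = implode(' ', [
        escapeshellarg(GPG_BIN), '--batch', '--no-secmem-warning',
        '--no-default-keyring', '--keyring', escapeshellarg($keyring),
        '-a', '-e', '-r', escapeshellarg($fingerprint),
    ]);

    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Small inputs only: a very large write could block before gpg is read.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $armored = stream_get_contents($pipes[1]);
    $errors  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Fail closed: never fall back to storing or mailing the plaintext.
    if ($status !== 0 || strpos($armored, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $armored;
}

// Usage (placeholder fingerprint, constructed order text):
// $asc = gpg_encrypt("order #1\n", '/home/users/web/myhome/.gnupg/pubring.gpg',
//                    '0123456789ABCDEF0123456789ABCDEF01234567');
```

If the pinned key is missing from the keyring or gpg refuses it, the function throws and the caller gets no output to store.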
[PHP] Encryption Advice
For an ecommerce site where sensitive data is stored either in files, or in a database, have you used some form of encryption to protect your customer's data?

I have a client who currently uses a Perl scripted shopping cart that stores orders (including credit card numbers) in plain text files on a shared server. The security of these files depends purely on the user/file system security measures enforced by the hosting company (which I think is a reasonably good company, but still I don't see it as being sufficiently secure).

I am going to rewrite the shopping cart using PHP and was looking into ways to protect the data. Using GNU Privacy Guard (gpg) seemed like the ideal method because I could store the client's public key on the server to encrypt orders and the customer could then download the encrypted files and decrypt them on his PC with his private key (the client manually submits orders through his "store front" merchant account). I know this is a somewhat archaic procedure but it works sufficiently well for this client.

However the hosting company won't support gpg so that leaves me with PHP mcrypt functions which I think would work very well, except for one thing - how to protect the secret key which now has to be on the server?

Any ideas/suggestions/experience along that line?

Thanks in advance,
Lawrence Kennon
Re: [PHP] PHP error tracking on new server
----- Original Message -----
From: "Terry Romine" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 07, 2005 10:03 AM
Subject: [PHP] PHP error tracking on new server

... The problem is that when an error occurs, the page just comes up blank,

Does your hosting service give you access to the PHP error log? Mine lists it under "CGI Errors" or something like that, but I can go to a web page and refresh it and see my PHP errors.

lk
[PHP] MySQL password file
In my current hosting situation I don't have the ability to store my file that contains MySQL userids/passwords in a subdirectory that is not under the server root. In order to protect it from being included from a foreign host I thought up this scheme of using the php_uname function to check that it is running on the correct host. Does this look reasonably secure? I am not hosting any kind of store, or terribly sensitive data - it will only be a bulletin board.

This is the format of my datadef.php file which will be included in my php scripts that access the MySQL database.

Thanks for your comments,
Lawrence Kennon
Re: [PHP] Tired and feeling dumb...maths question....
basically...how do I get the average?

$pic_no_of_votes ---> holds the total number of votes (eg: 212)
$vote_total_pts ---> holds the total points from all those votes (eg: 1027)

how do i get the average down to something like: 3.23 or 1.02 or 4.11 etc

average = 1027 (total pts) / 212 (number of votes) = 4.84 (rounded)
Re: [PHP] searching multiple fields
>...I want it to do the following.
>
>$query = "SELECT * FROM sheet1 WHERE 'name' or 'area or 'organisation LIKE
>'$search_field%'";
>

"SELECT * FROM sheet1 WHERE `name` LIKE '$search_field%' OR `organization` LIKE '$search_field%'"

lk
[PHP] PHP error_log format doesn't include timestamp?
In looking at my Apache (2.0.52) error log normal errors have a timestamp (see below):

    [Wed Jul 13 05:36:07 2005] [error] [client 192.168.123.1] File does not exist: /var/www/thenewagesite/test.html

However PHP generated errors to the Apache error log do not give a timestamp:

    [client 217.212.224.143] PHP Notice: Undefined property: majorver in /var/www/thenewagesite/jjdewey/immortal/chapter1.php on line 15

Is this something I can configure in the php.ini file (to get timestamps on PHP errors in the error log)? Note these are _NOT_ errors that I generate with my code, but errors that PHP is itself sending to the Apache error_log (due to errors _in_ my code :).

This may be in the documentation, but I haven't been able to find it yet.

Thanks,
Lawrence Kennon
www.theNewAgeSite.com
Re: [PHP] help create community newbie guide to security
Chris Shiflett wrote:

> In some cases, the developer may want certain
> HTML elements interpreted rather than escaped
> in this way. Perhaps you could mention that
> something like str_replace() can be used to
> convert specific HTML entities back to their
> original form. This method should filter any
> unwanted elements.

For a BBS I would like to let users post links to various resources. They 'post' a message to the BBS via a form and that is stored in a MySQL db, then the content of their 'post' is available to other users on the BBS. Currently I strip out all PHP/HTML with the strip_tags() function. What I would really like to do is allow a limited set of HTML tags (like the anchor tag) but at the same time implement reasonable protection.

In regards specifically to the HTML anchor tag, are there guidelines for what should, and should not be allowed? In other words if I simply allow all of these tags (implementing the algorithm you mentioned above) are there potential problems with that? Or are there specific things I should be looking for with tags?

Thanks for your comments,
Lawrence Kennon
www.theNewAgeSite.com
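
An added example, not part of the original message or of Chris Shiflett's guide: the escape-first approach from the quoted advice, applied to the anchor tag. Everything is escaped, and only the exact escaped form of a plain link with an http or https URL is converted back; render_post() and is_allowed_url() are hypothetical names, the sample posts are constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example: escape everything, then re-enable only plain http(s) links.

function is_allowed_url(string $url): bool
{
    // No whitespace, control characters, quotes or angle brackets in the URL.
    if (preg_match('/[\x00-\x20\x7f"\'<>]/', $url)) {
        return false;
    }
    $scheme = parse_url($url, PHP_URL_SCHEME);
    $host   = parse_url($url, PHP_URL_HOST);
    // Absolute http/https only; javascript:, data: and relative URLs are refused.
    return in_array(strtolower((string) $scheme), ['http', 'https'], true)
        && is_string($host) && $host !== '';
}

function render_post(string $raw): string
{
    // 1. Escape all markup: nothing the user typed is live HTML after this.
    $safe = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');

    // 2. Convert back only the escaped form of <a href="URL">text</a>.
    //    Any extra attribute (onclick, style, ...) ends up inside the captured
    //    URL, fails validation, and the whole tag stays escaped.
    $pattern = '/&lt;a href=&quot;(.+?)&quot;&gt;(.+?)&lt;\/a&gt;/is';

    $out = preg_replace_callback($pattern, function (array $m): string {
        $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
        if (!is_allowed_url($url)) {
            return $m[0];                      // shown as text, not as a link
        }
        // The link text ($m[2]) is still escaped; the URL is escaped again.
        return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
             . '" rel="nofollow noopener">' . $m[2] . '</a>';
    }, $safe);

    return $out ?? $safe;                      // on a regex error, stay escaped
}

// Constructed sample posts:
echo render_post('See <a href="http://www.php.net/manual/">the manual</a>'), "\n";
echo render_post('<a href="javascript:alert(1)">x</a>'), "\n";                   // stays escaped
echo render_post('<a href="http://example.com/" onclick="x()">y</a>'), "\n";     // stays escaped
```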