Rolan Yang wrote:
Whenever I need to store credit card data, I encrypt it with GPG
before storing it in the database. The private key file is not to
be stored on the same machine and should definitely not be
accessible by the web server!
That's always been my understanding. But it occurred to me that the
private key is useless without the pass-phrase. What if the secret
key is stored on the same machine as the encrypted data, but the
pass-phrase isn't?
As long as the pass-phrase is submitted along with every request that
shows decrypted data, the pass-phrase never needs to be stored on the
server ... unless of course the pass-phrase is somehow accessible by
the use of shell_exec.
Dan Cech wrote:
A much better approach is to use the proc_open function to execute the
process and allow you to provide the passphrase directly to the gpg
process on stdin and read the decrypted data from stdout. This way
the
passphrase & cleartext are much less vulnerable to simple sniffing by
other users of the machine.
This sounds like a good suggestion. It seems to solve the shell_exec
problem.
I'd just love to create a simple solution for storing sensitive data
without requiring a special decryption setup on the client side. What
do you think? Am I playing with fire?
-- Dell
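
The proc_open approach discussed above, as an added example that is not code from anyone in this thread: the passphrase and ciphertext reach gpg over pipes, so neither appears in a command line. It assumes PHP 7.4+ and GnuPG 2.1+; the function name and keyring path are hypothetical, and it passes the passphrase on a dedicated descriptor (fd 3) rather than stdin so that stdin can carry the ciphertext.

```php
<?php
// Added example. Assumes PHP 7.4+ (array form of proc_open, no shell) and
// GnuPG 2.1+ (--pinentry-mode loopback). gpg_decrypt() is a hypothetical name.
function gpg_decrypt(string $ciphertext, string $passphrase, string $gnupgHome): string
{
    // No secret is placed in argv, so it is not visible in the process list.
    $cmd = [
        'gpg', '--batch', '--no-tty', '--quiet',
        '--homedir', $gnupgHome,
        '--pinentry-mode', 'loopback',
        '--passphrase-fd', '3',      // read the passphrase from descriptor 3
        '--decrypt',                 // ciphertext on stdin, cleartext on stdout
    ];
    $spec = [
        0 => ['pipe', 'r'],          // gpg stdin  <- ciphertext
        1 => ['pipe', 'w'],          // gpg stdout -> cleartext
        2 => ['pipe', 'w'],          // gpg stderr -> diagnostics
        3 => ['pipe', 'r'],          // gpg fd 3   <- passphrase
    ];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Sequential writes are fine for small records such as a card number;
    // large inputs would need non-blocking I/O to avoid a pipe deadlock.
    fwrite($pipes[3], $passphrase . "\n");
    fclose($pipes[3]);
    fwrite($pipes[0], $ciphertext);
    fclose($pipes[0]);

    $cleartext = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    $diagnostics = stream_get_contents($pipes[2]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    if ($status !== 0) {
        // Keep gpg's messages in the server log, not in the HTTP response.
        error_log('gpg exit ' . $status . ': ' . trim($diagnostics));
        throw new RuntimeException('decryption failed');
    }
    return $cleartext;
}

// Usage (hypothetical values): the passphrase arrives with the request and
// is never written to disk; the keyring lives outside the web root.
// $card = gpg_decrypt($row['card_enc'], $_POST['passphrase'], '/var/lib/app-gnupg');
```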