in reply to Re: **Another 2 questions: Encrypting forms and credit card numbers
in thread Safe symmetric encryption - Crypt::CBC + Crypt::Blowfish?

Thank you very much for your detailed response. I understand what you are saying and of course I could provide a perl app to run on the administrator's local machine which would decrypt a downloaded csv file.

I do require ssl and a login to get to the management page, though hearing your opinion I would be inclined to be doubly sure I am not storing password as plaintext. Also I have a different login/password for the staff and for the manager(s) at the company who actually need to see the credit card numbers. Question of whether that is enough or not. Considering it's just a junky virtual host account somewhere I guess the admin can do many bad things to it, but I think getting the cc numbers would require that either he can listen in on the script's decrypting process (possible if he changes my code) or crack the ssl session (I don't think so but hey it's his openssl).

My insights so far: I need to ask a SOPW and immediately plan on providing a perl utility (hopefully perlcc since installing perl might be a hassle) then try some perl gui-ness.. can you spell ballooning?

Oh the insights from that thread, right.. it is not tamperproof hardware, memory is not safe especially since I'm not root. Also I don't have time to look at strings /dev/kmem or looking at /proc/*/kmem or ptrace which I guess maybe someone could do if they're really quick while script is executing for a few seconds a day. Realistically this is really not a problem for my current app but what if I used the same system for something bigger in the future.. Okay I'm only half way through and it is a long thread. I think the question to ask (think I know the answer already though) is how safe is perl when decrypting from remote machine over ssl? If I get more insights from rest of thread will update here. Thanks.

This post I'm not familiar with the systems he mentions. Sounds like something a bit magical which is definitely not going to be available on a cheap provider anyway.

Re^3: **Another 2 questions: Encrypting forms and credit card numbers
by diotalevi (Canon) on Feb 10, 2003 at 15:20 UTC

    Prepended: I am going to follow this up with more detail later - I'm off to work and don't have time to drop anything except the briefest of notes.

    Actually... that was the really short and abbreviated answer. I gave only the merest sketch of an outline of where the answer might be. From what you've said it sounds like you should be paying a billing company to handle this for you. You are not equipped to solve this problem given the resource limits you've intimated at. You have no business taking people's credit cards at whatever site this is. Shame on you if you do. This is a good time to familiarize yourself with Abigail's Oath.


    Seeking Green geeks in Minnesota

      Sorry, I think you've misplaced your moral authority somewhere. I didn't ask for you to shame me and am perfectly capable of making a balanced choice between development costs, client requests, potential losses, and real security levels achieved. Something you can't, since you don't know the whole story. So not shamed, thanks anyway.

      To assuage your and other people's fears, this is a relatively low volume signup form for a seminar which should run for a couple months on a virtual hosting site. It is mainly for domestic people who are not offered a credit card option, but the English page will have that option for a very small number of people, like maybe 5 or 10 people.

      The information you provided was useful in that the point (with which I was already familiar in fact) was stressed that a machine you don't own is far less secure than one you do own behind a firewall.

      My main question was about which modules were best, and I am also taking the additional information to heart and considering providing a client-side perl system to decrypt. However I will be discussing this with the project manager as I happen to be getting this as a low budget outsourced project which had this tacked on at the end, though if it goes well my system may be used for more projects in the future. And I am generally extremely responsible and the security advocate for this 50 person company.

      Likely the decision will be to temporarily provide an online decrypt session function as I mentioned, where private key is inputted into a form over ssl by a manager, until transitioned out of that. (Probably this transition to be completed before actual launch if possible).

      Typical risk management calculations make this the most intelligent course and I am willing to invest for free in providing an offline decrypt. It might even be a competitive advantage in the future too. However I have to consider the best way to package this for easy installation on a windows pc without me being there. It has been obvious to me for a long time that a real e-commerce site needs to do decryption offline and preferably with an air gap. This project wasn't really supposed to handle sensitive information but now I am trying to make a balanced decision. I probably will also suggest that a note is added to the English site that the user may fax card numbers to the office from overseas if they wish to do so instead, and explain how they may wish to just do all credit cards by fax instead as there is very little development budget.

      If anyone can relate their experience with using Perl public key encryption modules, or about an easy way to accomplish this offline decrypt app it would be much appreciated. Just so you know where my thinking is, it would be nice to have a gui but I don't want to mess with Tk or WxPerl unless it is going to be very quick and I know it won't be. It might be more work but also I could imagine cygwin1.dll, a cygwin apache, and a perl cgi solution running on a local pc. But that may have too many potential setup problems (e.g. their firewall software, different cpus, temptation to spread data around several machines, etc.). So a simple application (maybe even a freeware utility which already can do this) would be best.

      Thank you very much for your pointers and please rest assured that I'll do "the right thing", despite this project actually being way over budget / under-scheduled (nothing new there). I think this information will be very useful to others who are in the same position. Any concrete information (code is also nice) on how to bring development time down to an absolute minimum on this without sacrificing security would be extremely helpful, as I prefer not to reinvent the wheel. Thanks again.

      Sincerely,
      Matt
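An added example (not code from the thread or any of its posters) of the public-key split Matt is working towards, written with Crypt::OpenSSL::RSA (assumed installed): the CGI on the virtual host holds only the public key and encrypts each submission as it arrives, so no decryption, and no private key, ever exists on the shared box; the manager's offline PC holds the private key and decrypts the downloaded records.

```perl
#!/usr/bin/perl
# Added example, not from the thread. The web host only ever sees the
# PUBLIC key; the private key is generated and kept on the offline PC.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# --- one-time setup, run on the OFFLINE machine, never on the web host ---
# Keep private.pem on the offline PC only; upload public.pem with the CGI.
sub generate_keypair {
    my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
    return ($rsa->get_public_key_string, $rsa->get_private_key_string);
}

# --- server side (CGI on the virtual host): encrypt, append to the csv ---
# With 2048-bit RSA and OAEP the plaintext is limited to about 214 bytes,
# plenty for a card number plus name and expiry in a single record.
sub encrypt_for_storage {
    my ($public_pem, $plaintext) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_public_key($public_pem);
    $rsa->use_pkcs1_oaep_padding;    # OAEP rather than raw PKCS#1 v1.5
    return encode_base64($rsa->encrypt($plaintext), '');   # one line per record
}

# --- offline side (manager's PC): decrypt one line of the downloaded csv ---
sub decrypt_record {
    my ($private_pem, $b64) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_private_key($private_pem);
    $rsa->use_pkcs1_oaep_padding;
    return $rsa->decrypt(decode_base64($b64));
}

# Demonstration with a constructed test value, not a real card number.
my ($pub, $priv) = generate_keypair();
my $card   = '4111111111111111';
my $stored = encrypt_for_storage($pub, $card);   # this is all the host keeps
print "stored on host: $stored\n";
print "decrypted offline: ", decrypt_record($priv, $stored), "\n";
```

Because the host performs only the encrypt step, the memory-snooping and code-tampering worries raised earlier in the thread reduce to the host admin being able to corrupt or replace the public key, which the offline tool detects when records fail to decrypt.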