[drupal-devel] In database encryption.
Hello,

I have developed a payment gateway for the ecommerce module for use with the St George Bank here in Australia. This uses their batch processing system, which means there is user intervention to download and process payments, and then upload back the responses.

I have gotten the communication between the webserver and external parties working through the encrypted links, so everything is safe there, but the credit cards are stored in an unencrypted form in the database.

What I was thinking of doing is using the mcrypt module for php to encrypt the credit card for storage in the database. The problem that I have come up against is working out which would be the best method of creating the key for the encryption.

I have thought about using a random number that I then store in the database with a variable_set(), which would be better than just using a static key. But if the key is lost then so are all the credit cards that have not been processed.

This is not going to be really secure, as someone can just read the program and create a small function that will decrypt it anyway, but at least it will stop them for 5 minutes.

Any help would be most appreciated.

Gordon.
On Wed, 8 Jun 2005, Gordon Heydon wrote:
> This is not going to be really secure, as someone can just read the program and create a small function that will decrypt it anyway, but at least it will stop them for 5 minutes.
If your aim is to delay them 5 minutes, why bother at all? Your money will be gone anyway. I'd invest some more effort to get better security or none at all.

Cheers,
Gerhard
On Wed, Jun 08, 2005 at 10:42:38AM +1000, Gordon Heydon wrote:
> What I was thinking of doing is using the mcrypt module for php to encrypt the credit card for storage in the database. The problem that I have come up against is working out which would be the best method of creating the key for the encryption.
Below is what I would do. Perhaps folks here have other ideas. I'm sure there are plenty of articles about this on the net if you looked.

In general, if you're not performing recurring transactions, do not store the credit card numbers, just save the last four digits.

But, if you need to save the cc numbers to perform recurring transactions, have the key be typed in manually by the person (webmaster/administrator/office staff/etc -- NOT the customer) performing the current transaction. There should be one key. The key should be considered a "password." The key should be md5 hashed then stored somewhere for later comparison. So, if the person types in the wrong key, the program won't run (and won't mistakenly encrypt the cards with the wrong key).

Of course, make sure that database is stored in a secure location and the password is only entered via secure connections.

--Dan

--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232
v: 718-854-0335 f: 718-854-0409
Hello, thanks for the response.

On Tue, 2005-06-07 at 21:05 -0400, Daniel Convissor wrote:
> On Wed, Jun 08, 2005 at 10:42:38AM +1000, Gordon Heydon wrote:
> > What I was thinking of doing is using the mcrypt module for php to encrypt the credit card for storage in the database. The problem that I have come up against is working out which would be the best method of creating the key for the encryption.
>
> Below is what I would do. Perhaps folks here have other ideas. I'm sure there are plenty of articles about this on the net if you looked.
>
> In general, if you're not performing recurring transactions, do not store the credit card numbers, just save the last four digits.
I have done this already. Card numbers are disposed of once they are no longer required.
> But, if you need to save the cc numbers to perform recurring transactions, have the key be typed in manually by the person (webmaster/administrator/office staff/etc -- NOT the customer) performing the current transaction. There should be one key. The key should be considered a "password." The key should be md5 hashed then stored somewhere for later comparison. So, if the person types in the wrong key, the program won't run (and won't mistakenly encrypt the cards with the wrong key).
Yes, but this is not really possible; things need to be automated for this client. Another option is to keep the key on another machine and have it retrieved over a secure link when it is required.
> Of course, make sure that database is stored in a secure location and the password is only entered via secure connections.
Basically my worry is if the entire site is compromised, then this would be a problem.

Thanks for the help.

Gordon.
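Added example, not code from the thread or from any poster: the operator-typed key with a stored check value, as suggested in the replies above, written in PHP. It assumes PHP 7.1+ with the OpenSSL extension and swaps in PBKDF2 plus an HMAC check value for the md5 hash and AES-256-GCM for mcrypt (which was removed from PHP core in 7.2); the function names, iteration count and sample values are illustrative assumptions.

```php
<?php
// Added example: names, iteration count and sample values are assumptions.
const KDF_ITERATIONS = 600000;

// Stretch the operator-typed key into a 256-bit AES key.
function derive_key(string $passphrase, string $salt): string {
    return hash_pbkdf2('sha256', $passphrase, $salt, KDF_ITERATIONS, 32, true);
}

// Check value stored for later comparison; it is not usable as the key itself.
function key_verifier(string $key): string {
    return hash_hmac('sha256', 'card-key-check', $key, true);
}

// Refuse to continue on a mistyped key, so cards are never encrypted under it.
function unlock_key(string $passphrase, string $salt, string $storedVerifier): string {
    $key = derive_key($passphrase, $salt);
    if (!hash_equals($storedVerifier, key_verifier($key))) {
        throw new RuntimeException('Key does not match stored verifier');
    }
    return $key;
}

// Row to store: nonce + tag + ciphertext, plus the last four digits in clear.
function encrypt_card(string $pan, string $key): array {
    $nonce = random_bytes(12);
    $tag = '';
    $ct = openssl_encrypt($pan, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) throw new RuntimeException('Encryption failed');
    return ['blob' => base64_encode($nonce . $tag . $ct), 'last4' => substr($pan, -4)];
}

function decrypt_card(string $blob, string $key): string {
    $raw = base64_decode($blob, true);
    if ($raw === false || strlen($raw) <= 28) throw new RuntimeException('Malformed blob');
    $pan = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                           substr($raw, 0, 12), substr($raw, 12, 16));
    if ($pan === false) throw new RuntimeException('Decryption or authentication failed');
    return $pan;
}

// One-time setup, then a constructed run with a test card number.
$salt = random_bytes(16);
$verifier = key_verifier(derive_key('correct horse battery staple', $salt));
$key = unlock_key('correct horse battery staple', $salt, $verifier);
$row = encrypt_card('4111111111111111', $key);
echo decrypt_card($row['blob'], $key), ' / last4 ', $row['last4'], PHP_EOL;
try { unlock_key('wrong key', $salt, $verifier); }
catch (RuntimeException $e) { echo 'rejected: ', $e->getMessage(), PHP_EOL; }
```

Only the salt and check value are stored alongside the data; the key exists in memory only after the operator types it, which is the property the thread's automated variant gives up.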
participants (3)
- Daniel Convissor
- Gerhard Killesreiter
- Gordon Heydon