On 5/19/06, Lawrence Kennon <lwk2431@xxxxxxxxx> wrote:
For an ecommerce site where sensitive data is stored either in files or in a database, have you used some form of encryption to protect your customer's data?

I have a client who currently uses a Perl scripted shopping cart that stores orders (including credit card numbers) in plain text files on a shared server. The security of these files depends purely on the user/file system security measures enforced by the hosting company (which I think is a reasonably good company, but still I don't see it as being sufficiently secure).

I am going to rewrite the shopping cart using PHP and was looking into ways to protect the data. Using GNU Privacy Guard (gpg) seemed like the ideal method because I could store the client's public key on the server to encrypt orders and the customer could then download the encrypted files and decrypt them on his PC with his private key (the client manually submits orders through his "store front" merchant account). I know this is a somewhat archaic procedure but it works sufficiently well for this client.

However, the hosting company won't support gpg, so that leaves me with PHP mcrypt functions, which I think would work very well, except for one thing: how to protect the secret key, which now has to be on the server?

Any ideas/suggestions/experience along that line?

Thanks in advance,
Lawrence Kennon
Lawrence, from the very start, if you're on a shared server, security is going to be compromised to a large degree. Hopefully your server at least uses suexec or suphp to prevent other people's scripts reading your data. If not, I'd say look for a new host immediately.

As for your private key: Step 1 is definitely to keep it outside your doc_root; Step 2 is to give it really restrictive permissions like 400 or 600. I'm not entirely sure how much you can really do above that on a shared server.

If you can convince your clients that security is a top priority on this project, talk about getting a dedicated box so that your first level of defense is simply "nobody else is on the box"; then you can worry a little bit less about your private key being stolen.

--
Scott Hurring [scott dot hurring dot lists at gmail dot com]
http://hurring.com/
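One way to keep the design Lawrence wanted (only the merchant's public key on the shared host, the private key on the merchant's own PC) without gpg, as an added example that is not from either poster: hybrid encryption with PHP's openssl extension (assumed to be enabled by the host, in place of gpg or mcrypt). Because the server never holds a decryption secret, Scott's advice about protecting the private key's file permissions applies only to the offline machine.

```php
<?php
// Added example (not from the thread). The shared server holds only the
// merchant's PUBLIC key: openssl_seal encrypts each order with a fresh random
// AES key and wraps that key with RSA, so nothing on the host can decrypt a
// stored order. Assumes PHP's openssl extension is available (not gpg/mcrypt).

function encrypt_order(string $order, string $public_key_pem): string
{
    $pub = openssl_pkey_get_public($public_key_pem);
    if ($pub === false) {
        throw new RuntimeException('bad public key: ' . openssl_error_string());
    }
    // openssl_seal picks the symmetric key and IV itself and returns the key
    // wrapped for every public key in the array (one here).
    $len = openssl_seal($order, $sealed, $ekeys, [$pub], 'aes-256-cbc', $iv);
    if ($len === false) {
        throw new RuntimeException('seal failed: ' . openssl_error_string());
    }
    // One flat record per order; base64 keeps it a plain text file.
    return json_encode([
        'iv'  => base64_encode($iv),
        'key' => base64_encode($ekeys[0]),
        'ct'  => base64_encode($sealed),
    ]);
}

// Run on the merchant's machine, where the private key lives, never on the host.
function decrypt_order(string $record, string $private_key_pem): string
{
    $rec  = json_decode($record, true);
    $priv = openssl_pkey_get_private($private_key_pem);
    if (!is_array($rec) || $priv === false) {
        throw new RuntimeException('bad record or private key');
    }
    $ok = openssl_open(base64_decode($rec['ct']), $plain, base64_decode($rec['key']),
                       $priv, 'aes-256-cbc', base64_decode($rec['iv']));
    if ($ok === false) {
        throw new RuntimeException('open failed: ' . openssl_error_string());
    }
    return $plain;
}

// Demo with a throwaway key pair constructed here; a real deployment installs
// only the public PEM on the server, outside doc_root, and keeps the private PEM offline.
$kp = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($kp, $privPem);
$pubPem = openssl_pkey_get_details($kp)['key'];
$record = encrypt_order('{"order":1234,"card":"[constructed test value]"}', $pubPem);
assert(decrypt_order($record, $privPem) === '{"order":1234,"card":"[constructed test value]"}');
```

Each stored record is independently recoverable with the private key alone, so the merchant can download the files and decrypt them offline exactly as in the gpg plan.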