well the only reason to encrypt the password in the first place is in case someone compromises the server. since the credit card processing would otherwise be processed on the server through ssl to the merchant bank, i'm not too concerned about a sniffer.
so, essentially encrypting the cc# with the user's password would still be storing the key on the server.
if i have a lot of live credit cards in my database, i could definitely be identified as a target to anyone or group looking for this data. if someone was skilled enough to hack into the server, then i would not doubt that it would be too difficult for them to read my credit card processing script and figure out where the key was coming from.
my potential solution is to run the processing script off-site from behind a tight firewall. the encrypted password would be requested from the off-site server, decrypted, then the request would be sent to the bank via ssl.
this would at least make it so the hacker could not decrypt the cc#'s with a key they found on the web server. they would have to somehow find the ip of the server that was processing the credit cards, then get in through the firewall, before they could even attempt to compromise the off-site server.
i know i'm repeating myself a bit but it helps make the situations more clear for me.
__________________
Mike