[thelist] sensitive info and security

Bryan Nolen bryan at arc.net.au
Sun Feb 2 20:20:01 CST 2003





I've also written the same thing in coldfusion....

===BeginFile===
<!--- act_gpg.cfm - gpg encryption tag/fuse    --->
<!--- Written for use on a *nix/Solaris system --->
<!--- <c> 2003 Bryan Nolen All Rights Reserved --->

<!---- script constants - exe file, and runtime options --->
<cfset gpgExe = "/usr/local/bin/gpg">
<cfset gpgHomeDir = "/home/someUser/.gnupg/">
<cfset gpgOpts = "--homedir #gpgHomeDir# -a -e --always-trust">
<cfset sendr = " -u 'sender@domain.tld'">
<cfset recip = " -r 'Recipient Name <rname@domain.tld>'">

<cfset cryptCmd = gpgExe &" "& gpgOpts &" "& sendr &" "& recip>

<!--- variable containing text we want encrypted --->
<cfset clearData = "Your Order Data would go in here">

<!--- temp file used by cfexecute --->
<cfset cryptFile = "/tmp/crypt." & CreateUUID()>

<!--- temporary shell file --->
<cfset tmpFile = "/tmp/shell." &createUUID()>

<!--- temp file containing clear text --->
<cfset clearFile = "/tmp/clear." & CreateUUID()>


<!--- write cleartext to a temp file with a random name --->
<cftry>
        <cffile
                action="WRITE" AddNewLine="yes"
                file=#clearFile# output="#clearData#"
        >
        <cfcatch type="Any">
                Failed to Write Clear.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
                <cfabort>
        </cfcatch>
</cftry>

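<!--- overwrite the cleartext variable (reassignment drops the reference; it does not guarantee the old value is wiped from RAM) --->
<cfset clearData=CreateUUID()>
<cfset clearData=CreateUUID()>
<cfset clearData=CreateUUID()>
<cfset clearData="">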

<!--- write required options to temp shell script --->
<cftry>
        <cffile
                action="WRITE" file=#tmpFile# AddNewLine="yes"
                output="cat #clearFile# | #cryptCmd#"
        >
        <cfcatch type="Any">
                Failed to Write Shell.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
                <cfabort>
        </cfcatch>
</cftry>

<!--- Perform the execution --->
<cftry>
        <CFEXECUTE
                NAME="/bin/sh" TIMEOUT="140"
                ARGUMENTS=#tmpFile#     OUTPUTFILE=#cryptFile#
        >
        </CFEXECUTE>
        <cfcatch type="Any">
                Crypto failed on local server.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
        <cfabort>
        </cfcatch>
</cftry>

<!--- Read the response as gpgText, assigning the value of the file contents --->
<cftry>
        <cffile
                action="READ"
                file=#cryptFile# variable="gpgText"
        >
        <cfcatch type="Any">
                Failed to read gpg response.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
        <cfabort>
        </cfcatch>
</cftry>

<!--- delete shell script, cleartext and cypher text file --->
<cftry>
        <cffile
                action="DELETE" file=#tmpFile#
        >
        <cfcatch type="Any">
                Failed to Delete Shell.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
        <cfabort>
        </cfcatch>
</cftry>

<cftry>
        <cffile
                action="DELETE" file=#clearFile#
        >
        <cfcatch type="Any">
                Failed to Delete Clear.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
        <cfabort>
        </cfcatch>
</cftry>

<cftry>
        <cffile
                action="DELETE" file=#cryptFile#
        >
        <cfcatch type="Any">
                Failed to Delete crypt.<br><br>Error Code: <cfoutput>#cfcatch.errorCode#</cfoutput><br>
                Error Message: <cfoutput>#cfcatch.message#</cfoutput><br>
        <cfabort>
        </cfcatch>
</cftry>

<!--- do something with the cypher text --->
<cfoutput>
<p>
        <pre>#gpgText#</pre>
</p>
</cfoutput>

<cfmail server="your.mail.server" from="sender@domain.tld"
to="rname@domain.tld" subject="order data">#gpgText#</cfmail>

===endFile===



Bryan Nolen
Lead Developer
http://Arc.Net.AU <http://arc.net.au/>
http://cdonline.com.au <http://cdonline.com.au/>



------------ORIG MSG --------------
Message: 4
From: "David Treves" <dwork at macam.ac.il>
To: <thelist at lists.evolt.org>
Date: Sun, 2 Feb 2003 13:50:54 +0200
Subject: [thelist] sensitive info and security
Reply-To: thelist at lists.evolt.org

--
[ Picked text/plain from multipart/alternative ]
Hi All,

I am working on a web site where I should retrieve credit card numbers
from clients of the site and pass them to the site administrator for
manually charging the client.

The site is written in PHP and the payment process is done in a secured
page (128-bit SSL). I don't want to store this sensitive info in the
server's database, and I think that mailing it to the admin is also
unacceptable. I looked for encoding methods (algorithms such as Enigma
to scramble a string using a secret keyword to decode back the original
string). I am still in fear that if someone will hack the web server he
will be able to read the PHP encoding scripts. In a scenario like this
all encoding methods are actually useless...

My client does not have enough transactions to justify payment to a
service which will auto-charge the client.

What are the alternatives you think I have in such situation?

Thanks in advance,
David.
--


--__--__--

Message: 5
From: "Liam Delahunty" <ldelahunty at britstream.com>
To: <thelist at lists.evolt.org>
Subject: RE: [thelist] sensitive info and security
Date: Sun, 2 Feb 2003 12:17:26 -0000
Reply-To: thelist at lists.evolt.org

David Treves wrote:
I am working on a web site where I should retrieve credit card numbers from
clients of the site and pass them to the site administrator for manually
charging the client.

The site is written in PHP and the payment process is done in a secured page
(128-bit SSL). I don't want to store this sensitive info in the server's
database, and I think that mailing it to the admin is also unacceptable.
/end section/

Get a PGP public key from the client and use http://www.gnupg.org/ to
encrypt the data and store it. I've just whacked some code together based on
a process I use on onlinesales.

// Tell gpg where to find the key ring
putenv("GNUPGHOME=/tmp/.gnupg");

// create a unique file name
$infile = tempnam("", "pgp");
$outfile = $infile.".asc";

//write the data to the file
$fp = fopen($infile, "w");
fwrite($fp, $content);
fclose($fp);

// gnupg command (kept on one line: a line break inside the string would split the shell command)
$encryption_command = "/usr/local/bin/gpg -a --recipient 'Name Name <mail@domain.tld>' --encrypt -o $outfile $infile";
system($encryption_command, $result);
//delete the unencrypted temp file
unlink($infile);

if($result==0) {
        $fp = @fopen($outfile, "r");
        if(!$fp||filesize($outfile)==0) {
                $result = -1;
        } else {
                //read the encrypted file
                $content = fread($fp, filesize($outfile));
        }
        if($fp) {
                fclose($fp);
        }
}
//delete the encrypted temp file (it does not exist if gpg failed)
if(file_exists($outfile)) {
        unlink($outfile);
}

// $content holds ciphertext only when $result == 0; on failure it is still the cleartext
// send the email & store in DB whatever...


This process will send an email to the customer and store the details in the
database, both (fairly) securely.

David Treves also wrote:
My client does not have enough transactions to justify payment to a service
which will auto-charge the client.
/end/

Make sure that their merchant services provider allows that to handle orders
taken over the internet. If they are allowed to do mail order (customer not
present) transactions that doesn't mean they can do Internet transactions.
However, I'm sure most of my clients, despite my advice, are doing exactly
that as the banks try and charge for a new agreement, and rent a new PDQ
machine...

Kind regards, Liam Delahunty
Mega Products Limited, 10-11 Moor Street, Soho, London W1D 5NF
http://www.onlinesales.co.uk/ Open Source PHP/MySQL E-commerce
http://www.liamdelahunty.com/ web/ design/ database/ programming
http://www.britstream.com/ Hosting/ Domain Names From UKP 7.50 p.a.
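
Added example, not part of the original messages: both the ColdFusion tag and the PHP snippet above write the cleartext to a temp file before gpg runs. This version pipes it to gpg over stdin and starts gpg without a shell; the function name, `/path/to/.gnupg` and the recipient address are placeholders, and the array form of `proc_open` needs PHP 7.4 or later.

```php
<?php
// Added example (not from the thread). Paths and recipient are placeholders.
// The recipient's public key must already be imported and trusted in $home,
// otherwise gpg refuses in batch mode (the ColdFusion post sidesteps this
// with --always-trust).
function gpg_encrypt_for(string $clearText, string $recipient,
                         string $gpg = '/usr/local/bin/gpg',
                         string $home = '/path/to/.gnupg'): string
{
    // Array form runs gpg directly: no shell, so no quoting or injection issues.
    $cmd = [$gpg, '--homedir', $home, '--batch', '--no-tty',
            '--armor', '--encrypt', '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // Cleartext goes down stdin only; nothing is written to /tmp.
    // Sized for order-length input: very large input would need
    // interleaved reads to avoid filling the pipe buffers.
    fwrite($pipes[0], $clearText);
    fclose($pipes[0]);

    $cipherText = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    $status = proc_close($proc);
    $armored = strpos($cipherText, '-----BEGIN PGP MESSAGE-----') === 0;
    if ($status !== 0 || !$armored) {
        // Fail closed: the caller must never mail or store the cleartext.
        throw new RuntimeException("gpg failed ($status): " . trim($errors));
    }
    return $cipherText;
}

// Constructed sample input; the address must match a key in the keyring.
$armoredOrder = gpg_encrypt_for("Your Order Data would go in here",
                                'rname@domain.tld');
```

Because the function throws on any gpg failure, the mail and database steps that follow only ever see ciphertext.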