[thelist] sensitive info and security

Liam Delahunty ldelahunty at britstream.com
Mon Feb 3 14:07:04 CST 2003


Tony Page wrote:

[ in regard to encrypting data in PHP with GNUPG]

<quote Tony Page>
I just had this problem (earlier discussion on list), and Erik suggested
sending notification emails with a secure area on server where the
client could retrieve information online.
...

Of course, it has the drawback that you have to get a public key
from your client if you want the emails to go straight there.

...
All the more so because of the clauses in merchant
contracts re secure transmissions (at the moment I'm transmitting the
info via fax to the final destination!).
</end>

In my onlinesales system (depending on administrator choices in the backend)
they can store encrypted CC data or store plain; send CC by email encrypted
or send order details but not the CC in plain.

Essentially, if the user does have a key then they can choose to get
encrypted messages. If they don't then they just get an email saying please
log in and view order #X. The problem with the original post though was
keeping the data secure, so the best option there if possible with the
client, is to also encrypt the data and store that encrypted into the db. So
even if someone does hack the DB, they shouldn't be able to do much with it.

However, if you store the CC data encrypted so that it can't be read by
anyone except one with the PRIVATE key, then the user has to enter CC
details each time they come to your shop. More secure, but a bit of a hassle
for the end user. So I would presume that one could encrypt the data using
the server's SSL key, and then decrypt it if in an SSL section with the
server's private key. Any comments?

Kind regards, Liam Delahunty
Mega Products Limited, 10-11 Moor Street, Soho, London W1D 5NF
http://www.onlinesales.co.uk/ Open Source PHP/MySQL E-commerce
http://www.liamdelahunty.com/ web/ design/ database/ programming
http://www.britstream.com/ Hosting/ Domain Names From UKP 7.50 p.a.
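An added illustration of the store-encrypted option discussed above (example code, not from the thread or from onlinesales): the web server encrypts the card number to the merchant's OpenPGP public key with PHP's PECL gnupg extension and stores only the ciphertext, while decryption happens on a separate machine that holds the private key, which is why the shop itself cannot read the card back on a later visit. The fingerprint constant, the `card_data` table and the PDO handle are assumptions for the example.

```php
<?php
// Added example: capture-side encryption of card data with the merchant's
// public key. Assumption: the web server's keyring holds ONLY the public
// key; the private key and its passphrase live on an offline machine.
const MERCHANT_FPR = '0000000000000000000000000000000000000000'; // placeholder fingerprint

function encrypt_card_for_storage(string $pan, string $fpr): string
{
    $gpg = gnupg_init();
    // Throw on any gnupg error so a failure can never degrade to storing plaintext.
    gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
    gnupg_setarmor($gpg, 1); // ASCII-armoured output stores cleanly in a TEXT column

    // Check the key we are about to encrypt to really is the merchant key and is
    // still usable; a swapped or revoked key on the web host should stop the sale,
    // not silently re-route card numbers.
    $keys = gnupg_keyinfo($gpg, $fpr);
    if (count($keys) !== 1 || !$keys[0]['can_encrypt']
        || $keys[0]['revoked'] || $keys[0]['expired']) {
        throw new RuntimeException('merchant public key missing or unusable');
    }

    gnupg_addencryptkey($gpg, $fpr);
    $ciphertext = gnupg_encrypt($gpg, $pan);
    gnupg_clearencryptkeys($gpg);
    return $ciphertext; // "-----BEGIN PGP MESSAGE----- ..."
}

function store_order_card(PDO $db, int $orderId, string $pan): void
{
    // Only the ciphertext reaches the database; the plaintext PAN is never written,
    // so a copy of the DB alone is useless without the offline private key.
    $enc = encrypt_card_for_storage($pan, MERCHANT_FPR);
    $stmt = $db->prepare('INSERT INTO card_data (order_id, pan_pgp) VALUES (?, ?)');
    $stmt->execute([$orderId, $enc]);
}

// Runs on the merchant's offline machine, never on the web server.
function decrypt_card_offline(string $ciphertext, string $fpr, string $passphrase): string
{
    $gpg = gnupg_init();
    gnupg_seterrormode($gpg, GNUPG_ERROR_EXCEPTION);
    gnupg_adddecryptkey($gpg, $fpr, $passphrase);
    $pan = gnupg_decrypt($gpg, $ciphertext);
    gnupg_cleardecryptkeys($gpg);
    return $pan;
}
```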