Security Issues and WebCommerce Solution

This WebDNA talk-list message is from 1997.

There are some questions about how to set up a secure set of servers in a WebCommerce Solution environment, so I'll start giving you some of our security model here. Yes, we really do spend a lot of time thinking about (and solving) these issues.

1) To prevent bad people from getting your credit card via URL, store critical files outside WebSTAR's folder hierarchy. Thus there is no possible URL that can reach the files.

1a) Our full WebCommerce Solution (WebCatalog+WebMerchant) addresses this by giving WebMerchant a preference for where it should save completed order files. This can be any folder on any hard disk, presumably outside WebSTAR's folder.

1b) WebCatalog2 alone does many things to prevent remote viewing of files -- its default file type for shopping cart files is WWW‡, which WebSTAR refuses to ever serve up. You can store all your credit cards, mother's maiden name, bank records, and passwords in such a file and no one will ever be able to remotely see it. Even SiteEdit Pro won't view it if you have the permissions set right.

1c) For WebCat2 we purposely ADDED the ability to view orders (with credit card numbers) remotely. Why? So vendors can receive a short email saying "someone just bought; view the full order and card# at this URL," but no credit card number is in the email itself. How is it safe? The URL leads to a password-protected template (using [protect]) that displays the order contents. You access that URL via https. Yes, it's true you can access that URL via plain http (because it's on the same box), but we obviously don't recommend you do that (with convenience comes responsibility). And any bad guys who want to steal credit card numbers must know the full order# (cart), and they must know the password to the template.

2) Run WebMerchant on a separate machine from WebCatalog. It's designed to process orders that are sitting in its orders folder, and then move them to another folder when it's done. So for the 10-15 seconds that the file is sitting in that folder, I suppose you MIGHT be able to create a URL to it, but since it's got the WWW‡ file type, WebSTAR still won't serve it up. And WebCatalog can't be coached into serving it up either (via $ShowPage), because it doesn't have in it either.

I hope this helps. If you find actual security holes (meaning you've actually been able to get sensitive information without needing passwords, and it's not just a 'thought experiment'), then please email us privately so we can plug those holes. No one has ever been able to crack a Mac (http://hacke.infinit.se/indexeng.html), and we'd like to keep it that way!

Grant Hulbert, V.P. Engineering      | ===== Tools for WebWarriors =====
Pacific Coast Software               | WebCatalog Pro, WebCommerce Solution
11770 Bernardo Plaza Court, #453     | SiteEdit Pro, SiteCheck, PhotoMaster
San Diego, CA 92128                  | SiteGuard
619/675-1106  Fax: 619/675-0372      | http://www.smithmicro.com
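The three controls the post relies on (order files stored outside the document root, a file type the server never serves, and a password-protected order view that is only meant to be reached over https) are modelled below as an added example in Python. This is not WebCatalog or WebSTAR code; the Mac file-type code is represented as a per-file metadata string in a dict, and the paths, cart id and password are constructed sample data, all of which are assumptions for the sake of the demonstration.

```python
"""Added example, not WebCatalog/WebSTAR code: a model of the three checks
the post relies on, so their failure modes can be tried on constructed input.

Assumptions: the classic Mac OS file-type code (e.g. WWW‡) is modelled as a
per-file metadata string in a dict; on a modern filesystem the same policy
would key on an extension or a directory. Paths, cart ids and the password
below are constructed sample data.
"""
import hmac
from posixpath import normpath
from urllib.parse import unquote

# Constructed sample filesystem: absolute path -> Mac file-type code.
SAMPLE_FILES = {
    "/WebSTAR/index.html": "TEXT",
    "/WebSTAR/carts/12345.cart": "WWW‡",       # cart file inside the web root
    "/Orders/Completed/12345.txt": "TEXT",     # completed order, outside the root
}
DOCROOT = "/WebSTAR"
NEVER_SERVE_TYPES = {"WWW‡"}                   # types the server refuses outright
ORDER_VIEW_PASSWORD = "correct horse"          # constructed; stands in for the [protect] password


def url_to_path(docroot, url_path):
    """Map a request path onto the filesystem; None if it escapes docroot."""
    decoded = unquote(url_path)                # %2e%2e -> ..
    # normpath collapses "." and "..", so an escape shows up as a path that
    # no longer lives under docroot instead of being handed to the OS.
    joined = normpath(docroot + "/" + decoded.lstrip("/"))
    if joined != docroot and not joined.startswith(docroot + "/"):
        return None
    return joined


def serve_decision(url_path, files=SAMPLE_FILES, docroot=DOCROOT):
    """What a WebSTAR-style static handler should answer for a URL path.

    Returns ("ok", path) or ("deny", reason). Order matters: the traversal
    check runs before any lookup, so nothing outside docroot is ever touched.
    """
    path = url_to_path(docroot, url_path)
    if path is None:
        return ("deny", "path escapes document root")
    ftype = files.get(path)
    if ftype is None:
        return ("deny", "not found")
    if ftype in NEVER_SERVE_TYPES:
        return ("deny", "file type %s is never served" % ftype)
    return ("ok", path)


def order_view_allowed(scheme, cart, password, files=SAMPLE_FILES,
                       orders_dir="/Orders/Completed"):
    """Gate for the 'view this order at a URL' feature from point 1c.

    The order file is outside docroot, so it is reachable only through this
    gate: https required, password compared in constant time, and the cart id
    treated as an opaque token rather than a path fragment.
    """
    if scheme != "https":
        return (False, "plain http refused for order viewing")
    if not hmac.compare_digest(password.encode(), ORDER_VIEW_PASSWORD.encode()):
        return (False, "bad password")
    if not cart or "/" in cart or cart in (".", ".."):
        return (False, "malformed cart id")
    path = "%s/%s.txt" % (orders_dir, cart)
    if path not in files:
        return (False, "unknown cart")
    return (True, path)


if __name__ == "__main__":
    for url in ("/index.html", "/carts/12345.cart",
                "/../Orders/Completed/12345.txt",
                "/%2e%2e/Orders/Completed/12345.txt"):
        print(url, "->", serve_decision(url))
    print(order_view_allowed("http", "12345", "correct horse"))
    print(order_view_allowed("https", "12345", "correct horse"))
```

Two design choices differ from the post's description on purpose: the gate refuses plain http outright rather than merely discouraging it, and the cart id is validated as an opaque token before it is ever joined to a path, so a URL-encoded or dotted cart value cannot turn the order viewer into a file reader.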
