Re: Permissions Ignored - PLEASE HELP
This WebDNA talk-list message is from 2003
> >those credit card numbers are still stored in the individual order files,
> >therefore... YES, it is MY responsibility to protect those numbers.
>
> First, the info in the order files should be written to a database,
> with the credit card numbers encrypted.

Hell yes - also encrypt the exp date and name.

> Second, the order files should be DELETED immediately after each
> transaction is completed -- to prevent anyone from being able to
> download them, and to prevent anyone with username/password access
> from seeing the UNENCRYPTED credit card values in those files.

There is a setting in webcat admin for how often to sweep the directory but the files can always be [deletefile] just in case. This will stop stuff like this happening... This is the company that both Alain and I used to work for. They configured their brand new server wrong after we left... big mistake http://www.nzherald.co.nz/storydisplay.cfm?storyID=2999140

> Third, all your webdna templates and include files should be
> encrypted -- to prevent anyone from seeing the SEED value you used to
> encrypt the credit card values when storing them in your database
> file.

We have a database of 1000 randomly generated seeds. The ID of the seed to use is stored in the cc database and a lookup is used to find the seed for the particular row. The two databases are on opposite ends of the server and neither of them is in a served directory.

> Fourth, you should *NEVER* display the full credit card number on any
> web page, even when you're decrypting those values for some reason.
> Instead you should display only the last 3 or 4 digits of the number
> on the page.

NEVER! The company above also used to send invoices via email with full credit card number as confirmation to the customer. BIG MISTAKE - HUGE!

Everything surrounding an online store should also be wrapped up in SSL but this should be pretty obvious.

> Sincerely,
> Kenneth Grome
>
> ---------------------------------------------------
> WebDNA Professional Training and Development Center
> 175 J. Llorente Street +63 (32) 255-6921
> Cebu City, Cebu 6000 kengrome@webdna.net
> Philippines http://www.webdna.net
> ---------------------------------------------------
Andrew Simpson