Re: [WebDNA] Security best practice
This WebDNA talk-list message is from 2009
It keeps the original formatting.
PCI compliance requires the Primary Account Number (PAN) to be encrypted when stored.

On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:

> Wow, that's a great feature. I always felt a little funny having all
> those cart files w/ cc numbers on hand.
>
> Terry
>
>> Regarding security, one thing that is new in
>> CICADA is the ability to encrypt (as an option)
>> certain sensitive orderfile information.. such
>> as "accountnum". This is one area that I would
>> like for people to test, because I have
>> only had the chance to test it marginally. So
>> far, my tests are that it works. ;-)
>>
>> For example, (only for CICADA owners) activate an
>> orderfile encryption (in the admin pages) and, on
>> a template, do a :
>>
>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]
>>
>> (remember to have the "ShoppingCarts"
>> directory in the same root as your test template)
>>
>> If you look in the orderfile that was created after hitting
>> that template ("less " in a terminal
>> window), you will see your encrypted accountnum value.
>>
>> Then doing a:
>>
>> [orderfile cart=[cart]]
>> [accountnum]
>> [/orderfile]
>>
>> The encrypted value is magically decrypted and viewable.
>>
>> However, I have not, for example, had a chance to test this
>> under heavy load, or, for example, initiating this
>> on a server with existing sites that use the orderfile
>> tags... but, it looks like a nice feature that SMSI created under
>> the radar so far and it would be really cool if this feature
>> worked on existing sites that use the orderfile tags.
>>
>> I will have time to test this more thoroughly in the future,
>> but if someone else has the means and time, please report
>> back your findings!
>>
>> Donovan
Clint Davis