Re: [WebDNA] Security best practice

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 101861
interpreted = N
texte = PCI compliance requires the Primary Account Number (PAN) to be encrypted when stored.On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:> Wow, that's a great feature. I always felt a little funny having all > those cart files w/ cc numbers on hand.>> Terry>>> Regarding security, one thing that is new in>> CICADA is the ability to encrypt (as an option)>> certain sensitive orderfile information.. such>> as "accountnum". This is one area that I would>> like for people to test, because I have>> only had the chance to test it marginally. So>> far, my tests are that it works. ;-)>>>> For example, (only for CICADA owners) activate an>> orderfile encryption (in the admin pages) and, on>> a template, do a :>>>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>>> (remember to have the "ShoppingCarts">> directory in the same root as your test template)>>>> If you look in the orderfile that was created after hitting>> that template ("less " in a terminal>> window), you will see your encrypted accountnum value.>>>> Then doing a:>>>> [orderfile cart=[cart]]>> [accountnum]>> [/orderfile]>>>> The encrypted value is magically decrypted and viewable.>>>> However, I have not, for example, had a chance to test this>> under heavy load, or, for example, initiating this>> on a server with existing sites that use the orderfile>> tags... but, it looks like a nice feature that SMSI created under>> the radar so far and it would be really cool if this feature>> worked on existing sites that use the orderfile tags.>>>> I will have time to test this more thoroughly in the future,>> but if someone else has the means and time, please report>> back your findings!>>>> Donovan Associated Messages, from the most recent to the oldest:

Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Clint Davis 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
[WebDNA] Security best practice ("Tom Duke" 2009)

PCI compliance requires the Primary Account Number (PAN) to be encrypted when stored.On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:> Wow, that's a great feature. I always felt a little funny having all > those cart files w/ cc numbers on hand.>> Terry>>> Regarding security, one thing that is new in>> CICADA is the ability to encrypt (as an option)>> certain sensitive orderfile information.. such>> as "accountnum". This is one area that I would>> like for people to test, because I have>> only had the chance to test it marginally. So>> far, my tests are that it works. ;-)>>>> For example, (only for CICADA owners) activate an>> orderfile encryption (in the admin pages) and, on>> a template, do a :>>>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>>> (remember to have the "ShoppingCarts">> directory in the same root as your test template)>>>> If you look in the orderfile that was created after hitting>> that template ("less " in a terminal>> window), you will see your encrypted accountnum value.>>>> Then doing a:>>>> [orderfile cart=[cart]]>> [accountnum]>> [/orderfile]>>>> The encrypted value is magically decrypted and viewable.>>>> However, I have not, for example, had a chance to test this>> under heavy load, or, for example, initiating this>> on a server with existing sites that use the orderfile>> tags... but, it looks like a nice feature that SMSI created under>> the radar so far and it would be really cool if this feature>> worked on existing sites that use the orderfile tags.>>>> I will have time to test this more thoroughly in the future,>> but if someone else has the means and time, please report>> back your findings!>>>> Donovan Clint Davis

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] Security best practice

2009

Top Articles:

Related Readings: