Re: [WebDNA] Security best practice
This WebDNA talk-list message is from 2009
It keeps the original formatting.
Exactly, that's why I feel funny having them stored unencrypted, like so many of us do. My rep told me they don't even want you to write the numbers down, and if you have to write it down, you must shred the paper after you've processed the card.

>PCI compliance requires the Primary Account Number (PAN) to be
>encrypted when stored.
>
>On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:
>
>> Wow, that's a great feature. I always felt a little funny having
>> all those cart files w/ cc numbers on hand.
>>
>> Terry
>>
>>> Regarding security, one thing that is new in
>>> CICADA is the ability to encrypt (as an option)
>>> certain sensitive orderfile information.. such
>>> as "accountnum". This is one area that I would
>>> like for people to test, because I have
>>> only had the chance to test it marginally. So
>>> far, my tests are that it works. ;-)
>>>
>>> For example, (only for CICADA owners) activate an
>>> orderfile encryption (in the admin pages) and, on
>>> a template, do a :
>>>
>>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]
>>>
>>> (remember to have the "ShoppingCarts"
>>> directory in the same root as your test template)
>>>
>>> If you look in the orderfile that was created after hitting
>>> that template ("less " in a terminal
>>> window), you will see your encrypted accountnum value.
>>>
>>> Then doing a:
>>>
>>> [orderfile cart=[cart]]
>>> [accountnum]
>>> [/orderfile]
>>>
>>> The encrypted value is magically decrypted and viewable.
>>>
>>> However, I have not, for example, had a chance to test this
>>> under heavy load, or, for example, initiating this
>>> on a server with existing sites that use the orderfile
>>> tags... but, it looks like a nice feature that SMSI created under
>>> the radar so far and it would be really cool if this feature
>>> worked on existing sites that use the orderfile tags.
>>>
>>> I will have time to test this more thoroughly in the future,
>>> but if someone else has the means and time, please report
>>> back your findings!
>>>
>>> Donovan
>---------------------------------------------------------
>This message is sent to you because you are subscribed to
>the mailing list .
>To unsubscribe, E-mail to: 
>archives: http://mail.webdna.us/list/talk@webdna.us
>old archives: http://dev.webdna.us/TalkListArchive/

-- 
Terry Wilson | terry@terryfic.com | http://terryfic.com
http://WhosComing.com - a simplified, affordable online reservation system
http://TightJacket.com -- stylish protection for your laptop
--------------------------------------------------------------------------
Attitude is the only difference between ordeal and adventure.
Terry Wilson