Re: [WebDNA] Security best practice

This WebDNA talk-list message is from

2009

It keeps the original formatting. numero = 101862
interpreted = N
texte = Exactly, that's why I feel funny having them stored unencrypted, like so many of us do. My rep told me they don't even want to you write the numbers down, and if you have to write it down, you must shred the paper after you've processed the card.>PCI compliance requires the Primary Account Number (PAN) to be >encrypted when stored.>>>>On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:>>> Wow, that's a great feature. I always felt a little funny having >>all those cart files w/ cc numbers on hand.>>>> Terry>>>>> Regarding security, one thing that is new in>>> CICADA is the ability to encrypt (as an option)>>> certain sensitive orderfile information.. such>>> as "accountnum". This is one area that I would>>> like for people to test, because I have>>> only had the chance to test it marginally. So>>> far, my tests are that it works. ;-)>>>>>> For example, (only for CICADA owners) activate an>>> orderfile encryption (in the admin pages) and, on>>> a template, do a :>>>>>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>>>>> (remember to have the "ShoppingCarts">>> directory in the same root as your test template)>>>>>> If you look in the orderfile that was created after hitting>>> that template ("less " in a terminal>>> window), you will see your encrypted accountnum value.>>>>>> Then doing a:>>>>>> [orderfile cart=[cart]]>>> [accountnum]>>> [/orderfile]>>>>>> The encrypted value is magically decrypted and viewable.>>>>>> However, I have not, for example, had a chance to test this>>> under heavy load, or, for example, initiating this>>> on a server with existing sites that use the orderfile>>> tags... but, it looks like a nice feature that SMSI created under>>> the radar so far and it would be really cool if this feature>>> worked on existing sites that use the orderfile tags.>>>>>> I will have time to test this more thoroughly in the future,>>> but if someone else has the means and time, please report>>> back your findings!>>>>>> Donovan>--------------------------------------------------------->This message is sent to you because you are subscribed to>the mailing list .>To unsubscribe, E-mail to: >archives: http://mail.webdna.us/list/talk@webdna.us>old archives: http://dev.webdna.us/TalkListArchive/-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightJacket.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure. Associated Messages, from the most recent to the oldest:

Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Clint Davis 2009)
Re: [WebDNA] Security best practice (Terry Wilson 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
Re: [WebDNA] Security best practice (Donovan Brooke 2009)
[WebDNA] Security best practice ("Tom Duke" 2009)

Exactly, that's why I feel funny having them stored unencrypted, like so many of us do. My rep told me they don't even want to you write the numbers down, and if you have to write it down, you must shred the paper after you've processed the card.>PCI compliance requires the Primary Account Number (PAN) to be >encrypted when stored.>>>>On Jan 29, 2009, at 6:54 AM, Terry Wilson wrote:>>> Wow, that's a great feature. I always felt a little funny having >>all those cart files w/ cc numbers on hand.>>>> Terry>>>>> Regarding security, one thing that is new in>>> CICADA is the ability to encrypt (as an option)>>> certain sensitive orderfile information.. such>>> as "accountnum". This is one area that I would>>> like for people to test, because I have>>> only had the chance to test it marginally. So>>> far, my tests are that it works. ;-)>>>>>> For example, (only for CICADA owners) activate an>>> orderfile encryption (in the admin pages) and, on>>> a template, do a :>>>>>> [setheader cart=[cart]]accountnum=4111111111111111[/setheader]>>>>>> (remember to have the "ShoppingCarts">>> directory in the same root as your test template)>>>>>> If you look in the orderfile that was created after hitting>>> that template ("less " in a terminal>>> window), you will see your encrypted accountnum value.>>>>>> Then doing a:>>>>>> [orderfile cart=[cart]]>>> [accountnum]>>> [/orderfile]>>>>>> The encrypted value is magically decrypted and viewable.>>>>>> However, I have not, for example, had a chance to test this>>> under heavy load, or, for example, initiating this>>> on a server with existing sites that use the orderfile>>> tags... but, it looks like a nice feature that SMSI created under>>> the radar so far and it would be really cool if this feature>>> worked on existing sites that use the orderfile tags.>>>>>> I will have time to test this more thoroughly in the future,>>> but if someone else has the means and time, please report>>> back your findings!>>>>>> Donovan>--------------------------------------------------------->This message is sent to you because you are subscribed to>the mailing list .>To unsubscribe, E-mail to: >archives: http://mail.webdna.us/list/talk@webdna.us>old archives: http://dev.webdna.us/TalkListArchive/-- Terry Wilson | terry@terryfic.com | http://terryfic.comhttp://WhosComing.com - a simplified, affordable online reservation systemhttp://TightJacket.com -- stylish protection for your laptop--------------------------------------------------------------------------Attitude is the only difference between ordeal and adventure. Terry Wilson

DOWNLOAD WEBDNA NOW!

Re: [WebDNA] Security best practice

2009

Top Articles:

Related Readings: