Re: Orderfile Encryption

This WebDNA talk-list message is from 2007. It keeps the original formatting.
numero = 69049
John Peacock wrote:
> Clint Davis wrote:
>> The double [url] was discussed at some point on the list. I thought it was
>> required. I'll try with the single [url] and see what happens.
>
> The double [url] is required because [encrypt] can include some high
> ASCII characters that are not escaped properly with a single [url]
> (whether that is a bug or not is up for discussion). A single [unurl] is
> required when reading the data back out, because WebDNA implicitly has
> an [unurl] for any header field.
>
> As for encrypting the contents of the AccountNum field, I don't think
> that is possible; WebDNA has special handling for that field (checksum,
> et al) that may limit the effective size of the field (though it isn't
> mentioned in the docs that I can see). I would use the AC (Account)
> PayMethod and store the encrypted CC number in one of the Text[A-Z]
> fields instead. It may be that if you use AC for PayMethod, you can
> then stuff the encrypted CC in the AccountNum field.
>
> However, be aware that anyone with physical access to your server (which
> is what is required to read the order files), would have access to your
> templates as well (unless you encrypt those too) and would be able to
> gain access to your seed value to decrypt the order files. Security is
> only useful if you understand both its strengths and weaknesses...
>
> HTH
>
> John

Why would he have to use PayMethod AC to use a text field for the account
number? I believe the globals merchant templates are unencrypted in recent
versions... thus Clint could edit the authnet (or what have you) templates to
pull the *encrypted* account number from the text field.

However, maybe I'm getting ahead of myself because I thought that the credit
card was encrypted in the new sitebuilder code.. I'll check quickly.

Donovan

--
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
DONOVAN D. BROOKE
EUCA Design Center
<- Web Development (specializing in eCommerce),->
<- Desktop Publishing, Print Consulting, Labels ->
<-Glass Products, off-hand Classes/studio rental->
PH:>(608) 835-2476 TALK:>http://artglass-forum.com
WEB:> http://www.euca.us & http://www.egg.bz
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o

Associated Messages, from the most recent to the oldest:

    
  1. Re: Orderfile Encryption ( "Planet DJ (Chris W.)" 2007)
  2. Re: Orderfile Encryption ( Clint Davis 2007)
  3. Re: Orderfile Encryption ( John Peacock 2007)
  4. Re: Orderfile Encryption ( Clint Davis 2007)
  5. Re: Orderfile Encryption ( Clint Davis 2007)
  6. Re: Orderfile Encryption ( Donovan Brooke 2007)
  7. Re: Orderfile Encryption ( Donovan Brooke 2007)
  8. Re: Orderfile Encryption ( John Peacock 2007)
  9. Re: Orderfile Encryption ( Clint Davis 2007)
  10. Re: Orderfile Encryption ( Matthew A Perosi 2007)
