Re: Orderfile Encryption
This WebDNA talk-list message is from 2007
It keeps the original formatting.
numero = 69049
interpreted = N
texte = John Peacock wrote:
> Clint Davis wrote:
>> The double [url] was discussed at some point on the list. I thought it
>> was required. I'll try with the single [url] and see what happens.
>
> The double [url] is required because [encrypt] can include some high
> ASCII characters that are not escaped properly with a single [url]
> (whether that is a bug or not is up for discussion). A single [unurl] is
> required when reading the data back out, because WebDNA implicitly has
> an [unurl] for any header field.
>
> As for encrypting the contents of the AccountNum field, I don't think
> that is possible; WebDNA has special handling for that field (checksum,
> et al) that may limit the effective size of the field (though it isn't
> mentioned in the docs that I can see). I would use the AC (Account)
> PayMethod and store the encrypted CC number in one of the Text[A-Z]
> fields instead. It may be that if you use AC for PayMethod, you can
> then stuff the encrypted CC in the AccountNum field.
>
> However, be aware that anyone with physical access to your server (which
> is what is required to read the order files), would have access to your
> templates as well (unless you encrypt those too) and would be able to
> gain access to your seed value to decrypt the order files. Security is
> only useful if you understand both its strengths and weaknesses...
>
> HTH
>
> John

Why would he have to use PayMethod AC to use a text field for the account number?

I believe the globals merchant templates are unencrypted in recent versions... thus Clint could edit the authnet (or what have you) templates to pull the *encrypted* account number from the text field.

However, maybe I'm getting ahead of myself because I thought that the credit card was encrypted in the new sitebuilder code.. I'll check quickly.

Donovan

--
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
DONOVAN D. BROOKE
EUCA Design Center
<- Web Development (specializing in eCommerce),->
<- Desktop Publishing, Print Consulting, Labels ->
<-Glass Products, off-hand Classes/studio rental->
PH:> (608) 835-2476
TALK:> http://artglass-forum.com
WEB:> http://www.euca.us & http://www.egg.bz
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list .
To unsubscribe, E-mail to:
To switch to the DIGEST mode, E-mail to
Web Archive of this list is at: http://webdna.smithmicro.com/
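The encode/decode balance discussed in the quoted reply (two [url] on write, one implicit [unurl] plus one explicit [unurl] on read), modelled in Python as an added example that is not part of the original message and is not WebDNA code. The `OrderFile` class, the sample bytes and the use of standard percent-encoding as a stand-in for [url]/[unurl] are assumptions made for illustration.

```python
from urllib.parse import quote_from_bytes, unquote_to_bytes


def url(data: bytes) -> bytes:
    """Percent-encode every reserved or non-ASCII byte (stand-in for [url])."""
    return quote_from_bytes(data, safe="").encode("ascii")


def unurl(data: bytes) -> bytes:
    """Percent-decode exactly once (stand-in for [unurl])."""
    return unquote_to_bytes(data)


class OrderFile:
    """Hypothetical store that decodes a header field once on every read."""

    def __init__(self):
        self._fields = {}

    def write(self, name: str, value: bytes) -> None:
        self._fields[name] = value

    def read(self, name: str) -> bytes:
        return unurl(self._fields[name])  # the implicit decode


def round_trip(ciphertext: bytes, encodes: int) -> bytes:
    """Encode `encodes` times on write, then read back with one explicit unurl."""
    value = ciphertext
    for _ in range(encodes):
        value = url(value)
    store = OrderFile()
    store.write("TextA", value)
    return unurl(store.read("TextA"))


# Constructed ciphertext: high-ASCII bytes plus a literal "%41" sequence.
SAMPLE = bytes([0x9F, 0x25, 0x34, 0x31, 0xE2, 0x0A, 0x26])

if __name__ == "__main__":
    print("double encode:", round_trip(SAMPLE, 2) == SAMPLE)
    print("single encode:", round_trip(SAMPLE, 1).hex(), "vs", SAMPLE.hex())
```

In this model the single-encoded value is decoded twice on read, so it is corrupted only when the ciphertext happens to contain a `%` followed by two hex digits, which makes the failure intermittent and dependent on the data.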
Donovan Brooke