in reply to Re: Re: Credit Card Billing
in thread Credit Card Billing

Obfuscating the key using perlcc is not the answer. The only setup I have seen that seems remotely comforting is a multi-tier design where the box that has the keys is running no services, and can only be passed transactions. (i.e, it can't be queried).

Something like:


Internet =====> Firewall ===> 
        DMZ Web Server ==> Firewall ==> 
               Seriously Locked Down CC Processer
The 'CC Processer' box should be running no services at all, and listening on only one socket. This socket should accept inbound transactions and return an ack/nack, and nothing else. This would mean that administration, key changes, logging in, etc, would have to be done at the console. The web server should only have CC number while they are in transit, and should never write them to disk.

The folks at VISA have a pretty decent summary of what should be done to protect machines with CC data. ( It's a bit lacking on implementation details, but still good.) See: The VISA CISP Tech Info page.

Replies are listed 'Best First'.
Re: Re: Re: Re: Credit Card Billing
by metadoktor (Hermit) on Jan 05, 2002 at 22:33 UTC
    I like the idea of single serial cable with only write access (no read) to the CC Processor and that the CC Processor is not on the network.

    Also some care should probably be taken that any variables used to store the CC info en route from CGI app to CC Processor should be nullified after the CC info has been passed along. If someone breaks into your webserver and gets root they could dump memory to core and possibly pick up CC numbers that way. Something to think about.

    metadoktor

    "The doktor is in."

[reply]

In Section Seekers of Perl Wisdom