Encrypting data on shared disk

Popcorn Dave has asked for the wisdom of the Perl Monks concerning the following question:

Fellow monks,

I am in need of advice in the following area.

I am thinking of writing a small e-commerce system for work, but we don't have our own server. We just have your basic hosted web site with 100M of space.

My question is two fold:

1. My thinking was to be able to, via CGI and SSL, take orders with credit cards, encrypt the data, and retrieve said data with another CGI SSL app, thereby geting around the fact we don't have our own server. I know that part is doable without a whole lot of problem, but is it reasonable?

2. Is it possible to keep secure data on a shared disk at all?

I'd appreciate any links to anything like this that anyone has seen or done, or any suggestions you might have that would make it stronger if it's even possible.

Thanks in advance!

Some people fall from grace. I prefer a running start...

Comment on Encrypting data on shared disk - is it possible?

Replies are listed 'Best First'.
Re: Encrypting data on shared disk - is it possible? by joealba (Hermit) on May 16, 2002 at 05:07 UTC
Sure! Your method will work just fine, and it's certainly reasonable considering your options. But, you will want to find a clever way to store your data (away from the prying eyes of mere mortals). If a database (like MySQL) is available, then that would be my first choice. Have your "order retrieval" script be password protected too. If that is not an option, you could certainly store your data using Storable. Save a hash of the records in a Storable file. That way no one can read your records as plain text. Keep in mind that these aren't fool proof options. But, what is? :)	[reply]
Re: Re: Encrypting data on shared disk - is it possible? by moodster (Hermit) on May 16, 2002 at 07:45 UTC
If that is not an option, you could certainly store your data using Storable. Save a hash of the records in a Storable file. That way no one can read your records as plain text. Well, since hashing is usually a one-way operation, neither can you. :) Encryption is probably what you want in this case. I'd also like to offer my advice to the original poster, and that is to go with a standard encryption algorithm and not roll you own (see the comments for CipherText and CipherTextI for amusing reading on why encryption is hard to do by yourself). There are several good modules on CPAN: Crypt::Blowfish or Crypt::Twofish for example. `/me recommends Applied Cryptography by Bruce Schneier` Cheers, --Moodster	[reply] [d/l]
Re: Re: Re: Encrypting data on shared disk - is it possible? by joealba (Hermit) on May 16, 2002 at 17:51 UTC
No, I mean hash like `%hash`, not like MD5. :) Just another way to store records if a database is not available.	[reply] [d/l]
Re: Encrypting data on shared disk - is it possible? by cmilfo (Hermit) on May 16, 2002 at 05:10 UTC
In the June 2002 issue of Linux Journal there is an article titled, "BestCrypt: Cross-Platform Filesystem Encryption". It reviews the BestCrypt software (free for non-commercial use, reasonably priced for commercial use). From the article, it sounds like a possible solution to your problem. However, experience has taught me that the sysadmin who supports the server will have a say in what is installed, etc. Consult her/him on the subject when evaluating solutions.	[reply]
Re: Encrypting data on shared disk - is it possible? by derby (Abbot) on May 16, 2002 at 12:03 UTC
It is possible but be wary of some traps. Using a symetric algorithm could be problematic because you're going to need that key embedded in your cgi somehow and if the bad hats have access to the "data" disk, then they probably also have access to the "cgi" disk - making that symetric approach suspect. You could look into using an asymetric algorithm, take a look at my (toot toot) GPG Tutorial for ideas on how to set up a two-user encryption scheme. -derby	[reply]
Re: Encrypting data on shared disk - is it possible? by shotgunefx (Parson) on May 16, 2002 at 18:04 UTC
You could always store the sensitive stuff encrypted with GnuPG. Don't keep a copy of your private key anywhere on the server and it should work well. (providing you keep your key safe and encrypt transmissions with SSL.) Also burn a copy of your private key and put it in a safe deposit box. -Lee "To be civilized is to deny one's nature."	[reply]
Re: Encrypting data on shared disk - is it possible? by satanklawz (Beadle) on May 16, 2002 at 23:55 UTC
There is no reason why this shouldn't work. As for data stuff- I've found that compressing and then encrypting the data really puts a damper on people who try to view it. And since you have ~100 Megs, I'd really suggest using compression. As for the transmission of data- I've written a small client-server app that uses both compression and encryption. Email me if you want the code.	[reply]
Re: Re: Encrypting data on shared disk - is it possible? by Popcorn Dave (Abbot) on May 17, 2002 at 00:19 UTC
I appreciate the offer, but I'm going to try my own first. That way I can cure the mistakes I make, plus I'll expand my knowledge that much more I hope. :) Some people fall from grace. I prefer a running start...	[reply]