Obfuscating the key using perlcc is not the answer.
The only setup I have seen that seems remotely comforting is a multi-tier design where the box that has the keys is running no services, and can only be passed transactions. (i.e., it can't be queried).
Something like:
Internet =====> Firewall ===> DMZ Web Server ==> Firewall ==> Seriously Locked Down CC Processor
The 'CC Processor' box should be running no services at all, and listening on only one socket. This socket should accept inbound transactions and return an ack/nack, and nothing else. This would mean that administration, key changes, logging in, etc., would have to be done at the console. The web server should only have CC numbers while they are in transit, and should never write them to disk.
The folks at VISA have a pretty decent summary of what should be done to protect machines with CC data. (It's a bit lacking on implementation details, but still good.)
See: The VISA CISP Tech Info page.
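The single-socket, ack/nack-only listener described in the post above, written in Perl as an added example that is not part of the original post. The request line format, port 7001, the loopback bind address and process_charge() are assumptions made for illustration.

```perl
# Added example, not from the original post. Wire format, port and
# process_charge() are assumptions made for illustration.
use strict;
use warnings;
use IO::Socket::INET;

# Assumed request: one line, "CHARGE <card number> <amount in cents>\n".
# The reply is only ever "ACK\n" or "NACK\n": no error text, no echo of
# the input, and no verb that reads stored data back out.
sub handle_request {
    my ($line) = @_;
    return "NACK\n" unless defined $line && length($line) <= 64;
    my ($pan, $cents) = $line =~ /\ACHARGE (\d{13,19}) (\d{1,9})\r?\n\z/
        or return "NACK\n";
    return "NACK\n" unless luhn_ok($pan);
    return process_charge($pan, $cents) ? "ACK\n" : "NACK\n";
}

sub luhn_ok {    # standard Luhn checksum over the digits
    my ($sum, $double) = (0, 0);
    for my $d (reverse split //, shift) {
        my $v = $double ? $d * 2 : $d;
        $sum += $v > 9 ? $v - 9 : $v;
        $double = !$double;
    }
    return $sum % 10 == 0;
}

# Hypothetical placeholder for the step that actually uses the key.
sub process_charge { my ($pan, $cents) = @_; return $cents > 0 }

sub serve {
    $SIG{PIPE} = 'IGNORE';    # a client that hangs up must not kill us
    my $listen = IO::Socket::INET->new(
        LocalAddr => '127.0.0.1',    # assumption: use the inner interface
        LocalPort => 7001, Proto => 'tcp', Listen => 5, ReuseAddr => 1,
    ) or die "listen failed: $!\n";
    while (my $c = $listen->accept) {
        my $buf = '';
        eval {    # bounded read: at most 65 bytes, at most 5 seconds
            local $SIG{ALRM} = sub { die "timeout\n" };
            alarm 5;
            while (length($buf) < 65 && $buf !~ /\n/) {
                sysread($c, $buf, 65 - length($buf), length($buf)) or last;
            }
        };
        alarm 0;
        print {$c} handle_request($buf);    # one transaction per connection
        close $c;
    }
}
serve() unless caller;
```

Malformed input, an oversized line, a failed checksum and a read timeout all produce the same NACK, so the web tier learns nothing from the reply beyond accept or reject.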