Hi ... while this isn't strictly a Perl question (well, it may be) I'm sure someone here -- or multiple someones -- knows the skinny.
I'm doing work for a client who is on a shared Microsoft IIS server and using a MySQL database on another server to store ecommerce data. When I was hired to manage the site, I was stunned to find unencrypted credit card #'s in the database, some over a year since their original order.
The first thing I did was set up a PGP system that encrypts -all- the info going into the database, and is only decrypted by a desktop app they can use to check orders, view histories, etc. .... and the data is sent to the webserver over SSL ... and encrypted by the Perl GnuPG before being written to the database.
Here's where my paranoia kicks in.
Since this is a shared hosting environment (no SSH or telnet, just FTP), is the memory Perl accesses in RAM protected in any way? When I call the external encryption program, is that data at risk? How much? Can I protect it?
I really have no idea. All the other projects I've ever done that involve sensitive data were on dedicated servers or on servers where only a select few had any access (i.e. not the customers, at all).
So ... there you have it.
- Erik
In reply to Is data in RAM insecure, or am I just paranoid? by theAcolyte