Where do I store sensitive information?

New to LAMP environment

         

BradleyT

4:44 pm on Mar 6, 2008 (gmt 0)

10+ Year Member



I have a pay online page that submits info to PayPal to process a credit card payment. This is all done under SSL and we have a cert and all that, but I'm more concerned with our company sensitive information that gets passed in along with the request.

The first 4 fields (user, vendor, partner, password) contain our sensitive company information that gets passed in the request. This is the same data that gets you into PayPal Manager, which pretty much controls your entire account.


$plist = 'USER=' . $this->user . '&';
$plist .= 'VENDOR=' . $this->vendor . '&';
$plist .= 'PARTNER=' . $this->partner . '&';
$plist .= 'PWD=' . $this->password . '&';
$plist .= 'TENDER=' . 'C' . '&';
$plist .= 'TRXTYPE=' . 'S' . '&';
$plist .= 'ACCT=' . $card_number . '&';
$plist .= 'EXPDATE=' . $card_expire . '&';
$plist .= 'NAME=' . $data_array['name'] . '&';
$plist .= 'AMT=' . $amount . '&';

Right now I have those 4 fields hardcoded above this section but I'm thinking that's probably not the best place to store the info (right in the script).

Any suggestions? Two way encryption in the database?

vfoo

6:02 pm on Mar 6, 2008 (gmt 0)

10+ Year Member




Bingo on the encryption from a database for your PayPal account numbers.

That said, you should also never store your customers' CC#s and expiration dates in your database if you can avoid it. If you are going to do it, that needs to be very secure. (It is far more common to hack your database than your web front end; the data is what a professional hacker is after anyway.)

You have the same issue, however, if you store your key or key(s) to your encryption algorithm on the server as well. (2 way Encryption = nothing if system is fully compromised.)

My usual route: Store values in database only when absolutely necessary. We use RSA 2 way encryption for this, however method / provider really depends on what OS I was on at the time. Store keys to the encryption outside of the web root whenever possible (again dependent on environment).

There are even more secure ways than this of course, (middle tier certifying authority (either yours or another company) being the absolutely most secure way to store keys.)

"Best Case" depends on your liability (what data you hold) and your cost barriers.

HTH
vfoo

cameraman

6:15 pm on Mar 6, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Store the info in a file that's above the document root, then use include or require to get it into your processing script. If you don't have access to the file system above the document root, set up a directory that doesn't have 'public' access by setting the directory permission to 0600 - you may have to play with that a bit depending on how the server is configured. I generally doubly protect such a directory with an .htaccess file that denies access.

Since the information doesn't need to be changed by script, you can also set the file's permission to 0400 wherever it resides. If your script winds up not being able to read the file, it may help to write a script to create the file so that the scripts own it instead of your FTP user name.
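
The approach cameraman describes (credentials in a file outside the document root, mode 0400, pulled in with require), as an added example that is not part of the original thread. The function name, the paths and the "file returns an array" layout are assumptions; the four key names come from the request string in the first post.

```php
<?php
// Added example (names and paths are assumptions). File format: <?php return ['USER' => '...', ...];
function load_gateway_credentials(string $configPath, string $docRoot): array
{
    $real = realpath($configPath);
    $root = realpath($docRoot);
    if ($real === false || !is_file($real)) {
        throw new RuntimeException('Credential file not found');
    }
    if ($root === false) {
        throw new RuntimeException('Document root could not be resolved');
    }
    // Refuse a file that sits where the web server could serve it directly.
    $root = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $root, strlen($root)) === 0) {
        throw new RuntimeException('Credential file is inside the document root');
    }
    // Refuse any group/other access or owner write bit: 0400 passes, 0644 fails.
    $mode = fileperms($real) & 0777;
    if (($mode & 0277) !== 0) {
        throw new RuntimeException(sprintf('Mode %04o is too permissive', $mode));
    }
    $creds = require $real;
    foreach (['USER', 'VENDOR', 'PARTNER', 'PWD'] as $key) {
        if (!is_array($creds) || empty($creds[$key])) {
            throw new RuntimeException("Credential file is missing $key");
        }
    }
    return $creds;
}

// Constructed demo: temp files stand in for the real credential file and web root.
$file = tempnam(sys_get_temp_dir(), 'cred');
$docRoot = $file . '.www';
mkdir($docRoot);
file_put_contents($file, "<?php return ['USER'=>'u','VENDOR'=>'v','PARTNER'=>'p','PWD'=>'s'];");
chmod($file, 0400);
$creds = load_gateway_credentials($file, $docRoot);
echo 'USER=' . $creds['USER'] . "\n";
chmod($file, 0644); // loosen the mode to show the loader rejecting it
try {
    load_gateway_credentials($file, $docRoot);
} catch (RuntimeException $e) {
    echo $e->getMessage(), "\n";
}
unlink($file);
rmdir($docRoot);
```

The loader fails closed: a credential file that has drifted into the web root or picked up looser permissions stops the payment script instead of being used silently.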