[Zope] Re: [ZCommerce] Secure storage of credit card info

Cary O'Brien cobrien@Radix.Net
Fri, 9 Jun 2000 07:39:54 -0400 (EDT)


> -> > You have a ZCommerce site.  You accept credit cards, and securely
> -> > communicate with a CC processor to verify the transaction.  Now,
> 
> 	Besides Bill's suggestion, keep all your servers behind a good
> firewall.  One option is to use Linux IP Masquerading, having your
> webserver *and* database server use 192.168.0.??? IP Addresses.  Then,
> turn on port forwarding on your Masq server, so that all incoming requests
> on port 80 go to (something like) port 8080 on your webserver, which then
> responds to the request.
> 
> 	You could just use an encrypted filesystem on the database server,
> although that may be too slow (and possibly overkill?).  At that point
> --assuming your firewall is secured-- you'd more or less need physical
> access to your internal network to see those CC#s.  The only real danger
> left is a misconfiguration (or bad code) in your webserver software.
> (read: don't use IIS :)
> 

I would work from the assumption that, worst case, your web server
machines may get rooted, either from external attacks or from internal
"human engineering".  And that people can modify your software and
install sniffers. [1] Especially if you have a lot of people modifying
content on that machine.

That's why you get the best protection with a separate machine,
firewalled off, with limited access, plus Public key encryption.

If you get rooted and you don't know about it, you've lost the game.  If
you get rooted and you find out, you've only lost those CC numbers
that were processed while you were compromised.

My 2 cents.

I'd be interested to hear alternate viewpoints.

-- cary (who worries a lot)

[1] Which is why switches (rather than dumb hubs) are nice.
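
Added example (not part of the original message or of ZCommerce): a sketch of the "separate machine plus public key encryption" layout described above, using the openssl command line. The two directories stand in for the web host and the firewalled machine; the directory names, function names, order id and test card number are all constructed for the demonstration.

```sh
#!/bin/sh
# Key separation: the web host can encrypt card numbers but cannot read them back.
set -eu

WORK=$(mktemp -d)
VAULT="$WORK/vault"   # stands in for the firewalled machine: holds the private key
WEB="$WORK/web"       # stands in for the web server: holds only the public key
mkdir -p "$VAULT" "$WEB/queue"

# Run once on the isolated machine; only pub.pem is ever copied to the web host.
vault_keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$VAULT/priv.pem" 2>/dev/null
    chmod 600 "$VAULT/priv.pem"
    openssl pkey -in "$VAULT/priv.pem" -pubout -out "$WEB/pub.pem"
}

# Web host: encrypt the card number with RSA-OAEP and keep only the ciphertext.
# OAEP is randomized, so the same number never yields the same blob twice.
web_store_card() {   # $1 = order id, $2 = card number
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$WEB/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -out "$WEB/queue/$1.enc"
}

# Isolated machine: the only place a stored blob can be turned back into a number.
vault_read_card() {  # $1 = order id
    openssl pkeyutl -decrypt -inkey "$VAULT/priv.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WEB/queue/$1.enc"
}

# Check from the web host's side: decryption with the only key material present
# there (the public key) must fail, so stored blobs stay unreadable on that host.
web_host_can_decrypt() {  # $1 = order id
    openssl pkeyutl -decrypt -pubin -inkey "$WEB/pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WEB/queue/$1.enc" >/dev/null 2>&1
}

vault_keygen
web_store_card order-1001 4111111111111111   # constructed test value
```

This covers only numbers already stored: a number still passes through the web host in the clear at the moment it is submitted, which is the window the message refers to as "processed while you were compromised".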