[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freetrade
Subject:    [FreeTrade] Public, private keys
From:       Kent Nguyen <kent () newyen ! com>
Date:       2000-02-26 21:11:26
[Download RAW message or body]

Storing CC in database through the use of public, private keys technology.
Not use if PHP has a function to handle this.

What I envision, on top of SSL.  We can store CC plus expiration date in
database with great ease by encrypting the CC number with a public key.
The only way to decrypt it is through a private key. In essence, having a
hold of the database may render the thieves useless.  It means that we
need to keep the private key in a very safe place ... perhaps in a smart
card.

Just a thought how we can secure customers data.  We can rotate the public
key every so often.

Here are the list of security measures that I can think of:
1)  IP logging
2)  Mal formed URL logging
3)  https 
4)  Admin account last login alert
5)  15-minutes logout after 5 unsuccessful attempts
6)  encrypting CC# using a public key and put the private key somewhere
safe, like on a smart card

This is not a meant to be a solution all e-commerce security issues.  The
best security is to disconnect your ethernet cable from the Internet.
That always work when you're under attack. :)

Kent Nguyen




------------------------------------------------------------
To subscribe:    freetrade-on@list.working-dogs.com
To unsubscribe:  freetrade-off@list.working-dogs.com
Site:            http://www.working-dogs.com/freetrade/
Problems?:       jon@working-dogs.com

[prev in list] [next in list] [prev in thread] [next in thread]