A little extra security


Guest


Going through the DB I noticed that CC numbers aren't encrypted in any way. Barring me missing a Configuration Option, I think this is a rather big problem.

God forbid someone gets into my system or just gets access to the DB, they now have tons of CCs (I like to pretend one day I'll have tons of orders ::)

Has anyone thought of running at least an MD5 hash on orders that have been processed? Or at whatever Order_Status you set?

Because at some point there really shouldn't be a need for a CC#?

Thoughts? A little help?

Thanks


Admin -> Configuration -> Modules -> Credit Card

Edit to "Split Credit Card E-Mail"

Local: Mac OS X 10.5.8 - Apache 2.2/php 5.3.0/MySQL 5.4.10 • Web Servers: Linux

Tools: BBEdit, Coda, Versions (Subversion), Sequel Pro (db management)


This helps somewhat... I think my situation might not really allow this to work. But it is definitely something to think about.

I think I'm going to write a function to encode the CCs fully after the Status is changed though.

If it's clean enough I'll make a contribution out of it.

Thanks for the heads-up, dunno how I missed the Split before.


There already is at least one contribution that does the encryption. But you need to keep the key in the files, so it may not be all that helpful.

I use the "split" method and delete the info from the database after filling the order (paper records are kept.) That way the whole number is not in the database and all the CC info goes away soon.

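The workflow described in the post above (never store the whole number, then remove the card data once the order is filled), as an added example that is not part of the original thread or of osCommerce's code. SQLite stands in for the shop database; the table `demo_orders`, its columns, the status id `3`, the first-four/last-four masking and the sample card number are all assumptions constructed for illustration.

```python
import sqlite3

FILLED = 3  # assumed status id meaning "order filled"


def mask_pan(pan: str) -> str:
    """Keep the first and last four digits, replace the middle with X."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    if len(digits) < 12:
        raise ValueError("card number too short to mask safely")
    return digits[:4] + "X" * (len(digits) - 8) + digits[-4:]


def open_demo_db() -> sqlite3.Connection:
    """Create the constructed demo table plus a purge trigger."""
    db = sqlite3.connect(":memory:")
    db.executescript(f"""
        CREATE TABLE demo_orders (
            id INTEGER PRIMARY KEY,
            status INTEGER NOT NULL,
            cc_number TEXT,
            cc_expires TEXT
        );
        -- The purge lives in the database, so every code path that
        -- marks an order as filled also wipes the card fields.
        CREATE TRIGGER purge_card AFTER UPDATE OF status ON demo_orders
        WHEN NEW.status = {FILLED}
        BEGIN
            UPDATE demo_orders SET cc_number = NULL, cc_expires = NULL
            WHERE id = NEW.id;
        END;
    """)
    return db


def place_order(db: sqlite3.Connection, pan: str, expires: str) -> int:
    """Store only the masked number; the full number never hits the table."""
    with db:
        cur = db.execute(
            "INSERT INTO demo_orders (status, cc_number, cc_expires) "
            "VALUES (1, ?, ?)", (mask_pan(pan), expires))
    return cur.lastrowid


def set_status(db: sqlite3.Connection, order_id: int, status: int) -> None:
    with db:
        db.execute("UPDATE demo_orders SET status = ? WHERE id = ?",
                   (status, order_id))


def stored_card(db: sqlite3.Connection, order_id: int):
    return db.execute("SELECT cc_number, cc_expires FROM demo_orders "
                      "WHERE id = ?", (order_id,)).fetchone()
```

Purging the live rows does not touch copies that already exist in database backups or dumps, so those need the same retention treatment.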

Yes, that is an issue, but I don't think it affects many people, which is the reason there are not many solutions.

Most people use processing services like Authorize.net, so there is no need for the storage of the numbers; it is all handled by the processor.


Some day I too hope to be able to use an automatic processing site/script. Amazing how some people are such techno dinosaurs.

Thanks for the feedback.


Archived

This topic is now archived and is closed to further replies.
