
Why are credit card numbers not encrypted in db?


bitera


I was wondering why the credit card information stored in the osc database is not encrypted with MD5 and is plain text. Can this be done? I would feel more comfortable if it was encrypted. Also, is there a way to add a button to the order page to quickly erase the stored credit card so that it is not kept in the database?

 

TIA,

 

John

--

 

John Cannon


If it was hashed with MD5, you'd never be able to retrieve it. What is usually good enough is to use the "Split credit card e-mail" option. This will e-mail half the number to you and put the other half in the database, so that the whole number is not in one place. This, combined with the Card Zapper contrib, is good enough.

 

Full encryption is possible but difficult. You can use symmetric encryption if you don't mind embedding the key in the PHP file. If you want Public Key Encryption, that requires that you install and configure something like GPG, and that's a whole 'nother level of effort.


  • 2 weeks later...
Then how are passwords stored encrypted? I have written PHP programs that use MD5 encryption and it shouldn't be an issue retrieving an MD5 field. I will try to do this and if I figure it out I will post a contribution. Thanks for your input.

 

John

--

 

John Cannon

Please PM me when you have a solution to this. :thumbsup:


The MD5 hash is a one-way hash. When the user sets the password, the hash is computed, along with a "salt" value that varies so that the same password doesn't always hash the same, and the hash is stored in the database. When the user logs in, the password they type in is hashed with the same salt and the result is compared to what is in the database.

 

The MD5 hash is an authentication mechanism, but it is not reversible. If you find a way to do it, there are a lot of cryptographers who would like to talk to you.

 

Note that the hash is not "encryption", which presumes a decryption ability. You can encrypt with PHP using a variety of methods. If you can protect the PHP script, you can store the encryption key in the script, and this would allow retrieval, but I would consider that insecure.

 

The way that "Lost password" works is to generate a new, random password and send it to the customer. The old password is not recoverable.

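The salted-hash login check and the "Lost password" reset described in the post above, as an added PHP example that is not part of the original thread or of osCommerce's own code. The function names, the `hash:salt` storage layout and the sample password are assumptions made for illustration; the last lines show PHP's built-in `password_hash()`, which is what current code would use in place of salted MD5.

```php
<?php
// Added illustration; names, the "hash:salt" layout and sample values are assumptions.

// Scheme described in the post: a random salt plus MD5, both kept in the row.
function legacy_store(string $plain): string {
    $salt = bin2hex(random_bytes(4));           // differs for every stored password
    return md5($salt . $plain) . ':' . $salt;   // this string goes in the database
}

// Login: re-hash what the user typed with the stored salt and compare.
// Nothing is ever "decrypted"; only two hashes are compared.
function legacy_check(string $typed, string $stored): bool {
    $parts = explode(':', $stored, 2);
    if (count($parts) !== 2) {
        return false;                           // malformed record
    }
    [$hash, $salt] = $parts;
    return hash_equals($hash, md5($salt . $typed));
}

// "Lost password": the old value cannot be recovered, so a new random
// password is generated, mailed to the customer, and only its hash is stored.
function reset_password(): array {
    $new = bin2hex(random_bytes(6));
    return ['mail_to_customer' => $new, 'store_in_db' => legacy_store($new)];
}

$first  = legacy_store('s3cret-Example');       // constructed sample password
$second = legacy_store('s3cret-Example');
echo "row 1: $first\nrow 2: $second\n";
echo "same password, same stored value? ";
var_dump($first === $second);
echo "correct password accepted? ";
var_dump(legacy_check('s3cret-Example', $first));
echo "wrong password accepted? ";
var_dump(legacy_check('guess', $first));

$reset = reset_password();
echo "new password verifies against new row? ";
var_dump(legacy_check($reset['mail_to_customer'], $reset['store_in_db']));

// Current PHP: password_hash() picks the salt and a slow algorithm itself.
$modern = password_hash('s3cret-Example', PASSWORD_DEFAULT);
echo "password_verify() result: ";
var_dump(password_verify('s3cret-Example', $modern));
```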

Thanks Steve, I was browsing the database with phpMyAdmin and noticed that passwords are stored in original format and other information is not. I am working on a different area right now but hope to visit this area soon.

 

I am also looking to add an item to the order viewing that will allow cc numbers to be erased from the database so they are not even stored. My client does not want to have to read parts from an email then the database. I know this is an obscure issue but I think it makes sense to at least add some encryption to the sensitive data.

 

John

--

 

John Cannon


What do you mean that "passwords are stored in original format"? Did you mean the credit card numbers?

 

There is already a contribution to erase the credit card numbers from the database. http://www.oscommerce.com/community/contributions,1072

 

You can encrypt the credit card numbers if you like. The easiest way is if the key is in the script. There is also a contribution that uses GPG (public key encryption) that is very secure, but also rather difficult to implement as it requires installing and configuring a GPG program on your host and the store administrator having a client which can use GPG (or PGP) to decrypt encrypted e-mail.

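The public-key arrangement described in the post above and in the first reply, as an added PHP example that is not part of the original thread and is not the GPG contribution's code. libsodium sealed boxes (bundled with PHP 7.2 and later) stand in for GPG here; the function names, column names and the test card number are constructed for illustration.

```php
<?php
// Added illustration. libsodium sealed boxes stand in for GPG; all names
// and the sample card number are constructed.

// Done once on the store administrator's own machine, never on the web host.
$adminKeypair = sodium_crypto_box_keypair();
$publicKey    = sodium_crypto_box_publickey($adminKeypair);

// Web server side: only $publicKey is deployed with the shop scripts, so the
// scripts can encrypt an order's card number but cannot read it back.
function encrypt_card_for_admin(string $cardNumber, string $publicKey): array {
    $digits = preg_replace('/\D/', '', $cardNumber);
    if (strlen($digits) < 13 || strlen($digits) > 19) {
        throw new InvalidArgumentException('not a card number');
    }
    return [
        'cc_sealed' => base64_encode(sodium_crypto_box_seal($digits, $publicKey)),
        'cc_last4'  => substr($digits, -4),     // enough for the order screen
    ];
}

// Administrator side: decryption needs the private half of the keypair.
function decrypt_card(string $sealedB64, string $keypair): ?string {
    $raw = base64_decode($sealedB64, true);
    if ($raw === false) {
        return null;                            // not valid base64
    }
    $plain = sodium_crypto_box_seal_open($raw, $keypair);
    return $plain === false ? null : $plain;    // false: wrong key or tampered data
}

$row = encrypt_card_for_admin('4111 1111 1111 1111', $publicKey);
echo "stored in db: ", json_encode($row), "\n";
echo "admin reads:  ", decrypt_card($row['cc_sealed'], $adminKeypair), "\n";

// A copy of the database and the scripts, without the administrator's
// private key, yields nothing: decryption with any other keypair fails.
$otherKeypair = sodium_crypto_box_keypair();
echo "decrypt without the admin key: ";
var_dump(decrypt_card($row['cc_sealed'], $otherKeypair));
```

With a symmetric key embedded in the script, the same copy of database and scripts would contain everything needed to decrypt, which is the weakness the post points out.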

Sorry, mistyped. I meant passwords were not in original format and not readable using phpMyAdmin. It's been a 7 day week for me. Thanks for the contribution, that is great.

--

 

John Cannon


Archived

This topic is now archived and is closed to further replies.
