Thanks for all of the responses. There are a couple of clarifications that
I'd like to discuss.
1) We do real-time delivery of the digital content. This means that we have
to have an authorization in real-time, so any authorizations done with an
encrypted, saved credit card of a repeat customer mean that the server that
is processing the transaction must have access to the key/passphrase.
2) Encryption strength is to me like the walls of the safe. There is
encryption out there that will make a brute-force attack sufficiently
unprofitable -- like getting through a safe with 10 foot thick walls.
However, even a safe with 10 foot thick walls is still insecure if you store
the key under the doormat. Hiding the key in your mind is the best, but it
won't work in a real-time situation. We have to enable the servers to
perform the decryption.
My suggested solution to this was to store a portion of the solution in the
user's cookie. Thus, only the user has the ability to enable a transaction
to be processed, and even then only by connecting to our servers with the
original computer that has the cookie. This allows us to distribute the keys
in as many different locations as possible, and the only noon-brute force
way for a criminal to hack our database would be to get the cookie values
from the individual users on their next connection. From the reverse
perspective -- a random web site reading the user's cookies through a web
browser security hole -- the cookie can only yield credit card info if you
hack our database to get the other piece.
As for displaying the saved credit card to the user for editing in a form, I
would do it as we do passwords -- we return a dummy value in the form field.
If on submission, the dummy value is altered, then the user has made a
change and we save that info. Of course, all forms would be submitted under
SSL.
In general, I have received several personal communcations regarding this
matter. I will share any info that I glean.
Matt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Structure your ColdFusion code with Fusebox. Get the official book at
http://www.fusionauthority.com/bkinfo.cfm
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
