Nobody's Hero
08-12-2003, 10:04 PM
I'm trying to securely handle credit card numbers. User enters their info in a form, it is transferred securely using SSL to my server. On my server, it is encrypted using GnuPG and emailed to me.
My concern is what happens with the data while it's on the server. The scripts that handle the data are written in PHP. The only solution I could come up with was to write the information to a temp file (in plain text), encrypt it, then delete the plain-text file. The plain-text file only exists for a few milliseconds, but for those few milliseconds anyone who can get past the basic username/password security of my webserver could access the file. It's not too hard to write a little script like "while (1>0) { cp * /permanent/location/; }" and grab the data in those few milliseconds.
Any way to do this better?
I know there are many packages and things pre-written out there, but I don't want to use them for two reasons. One, I'm trying to learn. Two, it is a somewhat unique situation. This isn't being used for e-commerce in the traditional sense. What I am doing is trying to make a technical support team more efficient. The company I work for has a tech support team that is swamped with phone calls. In an effort to get them off the phone quicker so they can help the next customer, I am trying to eliminate the need for data entry in the case where a warranty replacement is needed. The tech support guy just enters the email address, item number, and s/h cost. An email is then sent to the end-user with a link that contains their RMA. They then enter payment info and their address themselves instead of tech support guys having to do it. Then, their info gets emailed to someone, printed, and the order processed.
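One way to avoid the plain-text temp file described in the post, as an added example that is not part of the original thread: the form data is piped to GnuPG over stdin and the ciphertext read back from stdout, so the plaintext exists only in process memory and the pipe. The recipient address, keyring path, function name and sample order are assumptions, and the array form of `proc_open` needs PHP 7.4 or later.

```php
<?php
// Added example: encrypt form data with GnuPG without touching the disk.
// Assumed (not from the post): recipient, keyring path, function name.
// The recipient's public key must already be imported and trusted in
// the keyring at $gpgHome, otherwise gpg refuses in --batch mode.

function gpg_encrypt_in_memory(string $plaintext, string $recipient, string $gpgHome): string
{
    // Array command (PHP >= 7.4) is executed directly, with no shell,
    // so nothing user-supplied is ever parsed as shell syntax.
    $cmd = [
        'gpg', '--homedir', $gpgHome, '--batch', '--no-tty',
        '--armor', '--encrypt', '--recipient', $recipient,
    ];
    $spec = [
        0 => ['pipe', 'r'],   // gpg stdin:  plaintext goes in here
        1 => ['pipe', 'w'],   // gpg stdout: armored ciphertext
        2 => ['pipe', 'w'],   // gpg stderr: diagnostics only
    ];
    $pipes = [];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);                       // EOF: message is complete
    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Fail closed: never fall back to sending the plaintext.
    if ($status !== 0 || strpos($ciphertext, '-----BEGIN PGP MESSAGE-----') !== 0) {
        error_log('gpg exited with status ' . $status . ': ' . trim($errors));
        throw new RuntimeException('encryption failed');
    }
    return $ciphertext;
}

// Constructed sample input (well-known test card number, not real data).
$order   = "RMA: 0000 (constructed)\nCard: 4111111111111111\n";
$armored = gpg_encrypt_in_memory($order, 'orders@example.com', '/var/lib/rma-gpg');
mail('orders@example.com', 'RMA payment details', $armored);
```

Only the public key needs to live on the web server; the private key stays on the machine where the mail is read, so a compromise of the server does not expose previously sent messages.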