Re: Help

#1 Tue, 06/03/2008 - 14:21

Posts: 3
Joined: 06/03/2008

I am new to ubercart.org and have been reviewing the code from a security point of view.

My question is, why are you not using the built-in MySQL functions for cc data?

AES_ENCRYPT()
AES_DECRYPT()

These functions are easy to implement and use a proven algorithm. The passphrase can be stored in a file below the server root to improve security.

These functions will protect against hackers reading cc info after gaining database access through backups or SQL injection.

GPG is even stronger because it doesn't require a passphrase stored on the server, it is a little harder to implement but worth it IMHO.

I apologize if I am missing something obvious but I had to ask.

Regards,

Bob

CC encryption in Bazaar, needs testing By: Ryan (19 replies) Wed, 01/23/2008 - 16:18

Re: CC encryption in Bazaar, needs testing By: bmagistro (06/03/2008 - 15:56)
Help By: cdeverapalli (03/09/2008 - 16:53)
- Re: Help By: bobwm (06/03/2008 - 14:21)
  - Re: Re: Help By: Ryan (06/03/2008 - 15:01)
    - Postgres functions By: bobwm (06/03/2008 - 20:03)
      - Re: Postgres functions By: Ryan (06/04/2008 - 09:20)
    - Ryan wrote:Hey Bob, I'm glad By: bobwm (06/03/2008 - 19:01)
Re: CC encryption in Bazaar, needs testing By: lostcarpark (02/06/2008 - 20:28)
- Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/06/2008 - 23:33)
  - Re: Re: Re: CC encryption in Bazaar, needs testing By: TR (03/04/2008 - 17:24)
    - Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (03/04/2008 - 17:50)
    - TR, Yes, as I see it, the By: TCS (03/04/2008 - 17:49)
Re: CC encryption in Bazaar, needs testing By: bmagistro (01/31/2008 - 16:51)
- Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 13:31)
  - Re: Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/05/2008 - 14:03)
    - Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 14:51)
      - Re: Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: Ryan (02/05/2008 - 15:22)
        Re: Re: Re: Re: Re: Re: CC encryption in Bazaar, needs testing By: torgosPizza (02/05/2008 - 15:56)
Re: CC encryption in Bazaar, needs testing By: torgosPizza (01/23/2008 - 17:44)

	Drupalcon DC
	Vote now to learn more about Ubercart in these sessions: Ubercart on Drupal 6

	Ubercart Affiliates
	Find payment and hosting services in our Affiliate Directory that support Ubercart development.

	User login
	Username: * Password: * Create new account Request new password

	Fast Invoicing
	We use and recommend FreshBooks for project time tracking and client invoicing.

Ubercart