steve at holdenweb.com
Mon Oct 9 10:36:40 CEST 2006
Lawrence D'Oliveiro wrote:
> In message <mailman.98.1160379324.11739.python-list at python.org>, Steve
> Holden wrote:
>>Lawrence D'Oliveiro wrote:
>>>In message <mailman.1374.1160073684.10491.python-list at python.org>, Steve
>>>>Credit card numbers should be encrypted in the database, of course, but
>>>>they rarely are (even by companies whose reputations imply they ought to
>>>How would encryption help? They'd still have to be decrypted to be used.
>>Indeed they would, but with proper key management the probability that
>>they can be stolen from a database in their plaintext form is rather
>>lower. Just last week a police employee in my class told us of an
>>exploit where a major credit card copmany's web site had been hacked
>>using a SQL injection vulnerability. This is usually done with the
>>intent of gaining access to credit card data.
> If they can do that, it doesn't seem much of a step to compromise the code
> that decrypts the credit card data, as well. Keeping it encrypted, when the
> key needs to be kept at the same (in)security level, is just
It depends on what level of compromise they obtain through SQL
injection. It does represent a significant additional burden on
attackers before sensitive data becomes known. Clearly if someone mounts
a successful privilege escalation attack then potentially everything on
the system is compromised.
Note further, by the way, that credit card numbers need not necessarily
be decrypted to be used: if you are the credit card processor (rather
than a merchant requiring payment) then you can instead encrypt the card
number provided by the user and use that as your database key.
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
More information about the Python-list