Storing Sensitive Information In A Database

Jul 9, 2009

I just want an expert opinion if what I am doing should be considered to be secure (or if there is a more secure way to do what I am doing). I made our hotel's online reservation system and it stores the guests' credit card information.

The card is encrypted using AES (MCRYPT_RIJNDAEL_128) and the key that is used to encrypt/decrypt must be entered from the client side in order to log in. It is not stored on the server. So that my employees do not have to enter it every time they want to log in, it is stored in a cookie on their computer or entered manually if the cookie is deleted. When logged in, I have the key stored in a _SESSION variable in a subdirectory of that account's home directory, and it has the following attributes (for example):

Quote:

-rw------- 1 nobody nobody 0 Jul 9 16:48 sess_c1744d96fe87def6814db2c5936e1b1d

Does this seem like a secure enough way to store/encrypt/decrypt credit card data?

Could Not Retrieve From Database: Incorrect Information In File: "several.frm"

Jul 22, 2007

For starters, I'm using MySQL Server version: 5.0.32-Debian_7etch1-log, Debian etch distribution.

What I did:

a) I ran out of space on the var partition, so I figured that I would copy my /lib/mysql to another partition (/mnt/hdb) and change only the path to it in my.cnf.

b) I did so, and after launching mysql again I got several of these:

Could not retrieve from database: Incorrect information in file: './database/******.frm'

c) When I copy it back to my old location (and change back my my.cnf), same result: errors.

I can't lose my database:

Secure Document Storing And Sharing

Jun 26, 2007

I have a client who specializes in providing training for high-end CAD/CAM applications. They have training modules (currently in .ppt format mostly) that they want to store securely on the server and give out access only to approved customers. Additionally, they want to ensure that these training modules never fall into the hands of their competitors- that is, no downloads.

Does anyone have experience with this kind of thing? Based on their requirements, a few possible solutions come to mind:

1.) Put the training modules in a subdomain that is password protected. Additionally, encrypt the traffic with SSL etc. However, this doesn't solve the problem of users being able to download the files and do what they want with them. Also, it isn't possible to view .ppt files online in a browser, as far as I know.

2.) Use a solution similar to what Lynda.com has. They have an entire online library of training videos that are available 24x7, but customers can only view it, not download it. I think they use some solutions from Adobe to make this possible.

Setting Up Free Email Service And Storing Mails In MySQL

Feb 14, 2007

I have a busy dating website with 30 000 registered users and ~200-600 users online all the time. I would like to offer free email with ~10 MB mailbox to all users.

I have an idea to use scripts provided by b1gmail.de. It's similar to Hivemail or Socketmail. It uses only one POP3 catch-all mailbox and stores all emails in a MySQL database, including attachments.

My worries are about MySQL. If I have 30 000 users and each user has some 5000 messages in his/her mailbox:
30 000 x 5 000 = 150 000 000

That's 150 million rows in one table!

I know, not all users will have 50000 messages in their mailboxes, but the number of users increases about +2000/month.

I can't imagine how long MySQL will need to find messages for each user in the table with 150 000 000 rows.

I don't know - maybe it's not a problem at all. I just never had such large tables and I don't know if it's possible at all.

Another problem: I have Fedora Core 2 installed and don't even know yet if it supports files larger than 2 GB.

Maybe it's better to set up normal POP3 mailboxes for all users instead of using one catch-all box and storing data in MySQL?

Do not post warnings about spammers. In the beginning I'll provide email addresses only to "gold" members. I opened this thread because I don't want to set up a system which will hang after a couple of months because MySQL will not be able to handle it or I will have other unknown problems.

Security Strategy For Sensitive Data

Feb 29, 2008

I am working towards launching a site that, among other things, will be a repository for sensitive data on war crimes. As these crimes are ongoing, and occur in a location where assassinations are endemic, I need to develop a comprehensive security strategy that takes into account all levels of the interface between end user / witness and the site / database itself.

I have considered, but am open to insight and advice on, the following:

1. Data security laws in given countries, in order to ensure the privacy and integrity, as much as possible and away from political / state interference, of data communications. Concerns include the interception of data in transfer and the security of stored data (the United States and the UK are almost certainly cancelled out in this regard. Canada appears significantly better, though Greece, it appears, has the greatest level of legislative protection).

2. Encryption as a technique to ensure the security of transferred and stored data. I am particularly interested in best practice advice on encryption.

3. Javascript as a means to establish a more secure interface between the end user (i.e., the browser interface) and the secured database into which sensitive data will be inputted. Has anyone used this, or other techniques of overcoming the inherent insecurity of the browser interface?

4. Various best practices concerning php, MySQL and Apache security. Any and all advice, or guidelines, welcome.

5. Considerations relative to dedicated hosting, and also colocation hosting as an option.

In general, my problem is to ensure that the identities of witnesses, so much as is technically conceivable, can be protected from extra-judicial interference or surveillance. Nothing about this site will be illegal in any way. The problem is that the witness testimony will be about the actions of a powerful state that has demonstrated its disrespect for law.

Ideally I'd find in these forums a few individuals with whom I could discuss these technical matters off-forum. At the same time, general responses would be valued.

The site that I'm building is non-profit (indeed zero budget) and does not represent any political party. It's a people's initiative, against aggressive violence and in support of international law.

Windows To CentOS URL Case Sensitive

Jun 22, 2008

I am moving one of my sites from Windows to CentOS hosting. The problem is that the new server is case sensitive for folders and file names. I had all my folders in capital letters previously and also all my links inside pages (www.domain.com/FOLDER/Page-Name.php).

I have nearly 1000 pages and most of them are indexed in Google in this format
[url]

Now I have renamed all my folders, files and links inside the files to absolute lowercase.

CPU Information

Oct 30, 2008

Is there a way in shell to find out information on the CPU(s) in the server?
I'm using CentOS, on a cPanel server. However, I'm looking for more info than what WHM's "Server Information" provides.

Trying to find out what generation Xeon is in the server, so I can read about its specs.

VPS Information

Jul 18, 2007

I am interested in a VPS but I want Windows 2003 with MSSQL 2005 installed...
Is there any company supporting this?

Information About VPS

May 6, 2007

How do you get like for example ROOT of cPanel in a VPS? How would you be able to use it besides like giving permission to use WHM and stuff on accounts. As doesn't remote reboot and such have to happen on the whole server?

Configuring DNS Information

Mar 24, 2009

I am moving my servers this week and my new host doesn't do domain hosting. This is my first time doing it, I need help in pointing my domain to the new server. I just need the basic settings for A, CNAME and MX records.

Backing Up Information

Feb 18, 2009

I understand that servers can do automatic backups of information, yet I also see forum modifications that enable simple ways of doing a backup. Are there different types of backups? Why is it necessary to manually back up a forum database when it's done automatically by the server? In terms of assuring the data, what is required and what's a typical procedure, what does it entail, is it manual and if so usually how often, or is it usually automatic?

Information On Ourinternet.us

May 25, 2008

It looks good and the prices are reasonable. I wonder if anybody has had any experience with them.

My Information Server

Oct 28, 2007

How can I find out full information about my server, for example whether my HDD is SATA or IDE,
what my memory is, and ... My server is CentOS.

Information About Cloud Computing?

Sep 16, 2009

What is the best source of information about cloud computing?

How To Protect Reverse IP Information

Apr 10, 2009

Is there a way to protect reverse IP information?

I mean so that someone can't see friend sites on the same VPS/server.

This is my domain (GoDaddy)
[url]

And another domain (not mine)
[url]

Server Information Secret

Mar 24, 2009

When a Whois is run for a particular IP, it shows the location of the IDC as information.

I wonder what IDC Servers rent that information to the Whois IP can be changed so not knowing where it is being rented.

Account Information Files

Jun 23, 2008

In cPanel the account information (like email address, space, bandwidth, etc.) is stored in /var/cpanel/users/<username>.

I want to know where user account information is stored on Plesk.

Lower CPU Mhz In WHM, Server Information

Jan 31, 2008

I was checking my server information today on WHM panel and this is what I saw:

Processor #1 Vendor: GenuineIntel
Processor #1 Name: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
Processor #1 speed: 1596.000 MHz
Processor #1 cache size: 4096 KB

Processor #2 Vendor: GenuineIntel
Processor #2 Name: Intel(R) Core(TM)2 CPU 6700 @ 2.66GHz
Processor #2 speed: 2660.000 MHz
Processor #2 cache size: 4096 KB

Why is the Processor #1 speed labeled as 1.6 GHz? Processor #2 speed never goes down no matter how high the load is. Could it be the reason that my server can't handle 4 websites with a cumulative total of 20k unique hits per day?

Information Regarding Load Balancer

May 9, 2008

We are planning a clustering architecture for our mail servers. The basic idea is to put all of the mail servers behind a load balancer which will monitor and distribute the n/w load as server load and forward the requests accordingly. Can you suggest any good hardware load balancer which could give us 'server load balancing' as well as n/w load balancing?

I would also like to know if it is a good idea to go for a software load balancer (like Linux heartbeat) or a h/w load balancer.

Mysql 5 - Information Schema

Feb 19, 2007

Does anyone know how to block viewing "information schema" for unprivileged users? When accessed, it causes abnormal load on the server.

Dns Information In LXAdmin For Google Apps

Apr 9, 2008

You use FCName for setting CNAMEs in the DNS info for Google Apps like Calendar, Docs, etc., right? Then how do you provide the TTL values?

Information Needed On Web Hosting Services

Apr 21, 2009

I am Smith Lewis. I am here because I am looking for some information on web hosting services. I hope all of you, my friends, can help me with the same.

Where Can Find Uptime Information Of Hostgator

Jan 17, 2009

Where can I find uptime information for HostGator?

Mysqldump :: JUST The Data, NO Table Information

Apr 14, 2008

From the Linux shell, I need to back up a MySQL database, JUST the data, NO table information. Which options in mysqldump do I use?

Php Scripts That Can Show The Information Of HW/SW Of The Web Server?

Dec 10, 2008

Are there any PHP scripts that can show the HW/SW information of the web server?

Plesk 11.x / Windows :: Backup Log Information Is Not Available

May 13, 2013

When I log in to Plesk as admin, go to Tools and Settings, then Backup Manager, choose Backup, then Server configuration and content, and run the backup, after 2-4 minutes I see that the backup process failed, and then I see "Backup log information is not available". What should I do?

Layered Technologies Abuse Contact Information

Jun 8, 2008

I am trying to get a hold of the abuse department of Layered Technologies. They host a splog which is continually ripping my content - takes the content down after a complaint - just to publish it again after a few hours.

I only have sales@layeredtech.com - and even so they promise to forward the request - the latest rip is from yesterday evening and still on the other site.

I would really like to have this resolved.

Copyrights 2005-15 www.BigResource.com, All rights reserved