in reply to collecting sensitive data
I'm the wet blanket of despair... It's very good that you're asking. It's kinda bad that you're trying. There are many ways to mess this stuff up, and doing it for a real live social-security/bank-account site the first time out of the gate is what I would call a really bad idea. Here is a partial list of concerns and ideas:
- All requests with sensitive information (including sign-in) must be under HTTPS configured and set up on a guaranteed host; cookies must never contain customer information.
- Cookies should be secure and httponly.
- Taint all input. Escape all output.
- Encrypt/salt passwords so they can't be discovered, reversed, or found in a lookup table.
- Encrypt the stored financial and personal data. Keep the keys in a separate location; i.e., not the database.
- Limit all access to all resources to the smallest possible permissions/connectivity needed to run.
- Run everything as an untrusted user so you can't make dangerous mistakes.
- Bone up on PCI compliance. Follow it.
- Read OWASP. Take it all seriously.
- Raise the bid on your contract, or eat the cost, to hire someone who has done all this several times to audit the project when you're close to a production release.
Good luck and stay scared. It makes more secure apps.
Update: changed PCI link to the one grep provided; it's better. Update: update: removed a redundant/awkward sentence.
Update: added OWASP and HttpOnly notes.
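As an added example (not code from this thread or any of its posters) of the "encrypt/salt passwords" item in the list above, here is salted, iterated password storage in Perl using only core modules (Digest::SHA and MIME::Base64). It assumes a Unix-like host with /dev/urandom for the salt; the record format `alg$iterations$salt$hash` and the function names are my own choices.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256);
use MIME::Base64 qw(encode_base64 decode_base64);
# Per-user random salt from the OS CSPRNG (assumes a Unix-like host with /dev/urandom).
sub make_salt {
    my $len = shift || 16;
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read $fh, my $salt, $len;
    close $fh;
    return $salt;
}
# PBKDF2-HMAC-SHA256 (RFC 2898) for one 32-byte block, built on core Digest::SHA.
sub pbkdf2_sha256 {
    my ($password, $salt, $iterations) = @_;
    my $u = hmac_sha256($salt . pack('N', 1), $password);   # U1 = PRF(P, S || INT(1))
    my $t = $u;
    for (2 .. $iterations) {
        $u = hmac_sha256($u, $password);                     # Ui = PRF(P, U(i-1))
        $t ^= $u;                                            # string XOR accumulates T1
    }
    return $t;
}
# Stored form records algorithm, iteration count, salt and hash, so the cost can be raised later.
sub hash_password {
    my ($password, $iterations) = @_;
    $iterations ||= 100_000;
    my $salt = make_salt(16);
    my $dk   = pbkdf2_sha256($password, $salt, $iterations);
    return join '$', 'pbkdf2-sha256', $iterations,
                     encode_base64($salt, ''), encode_base64($dk, '');
}
# Constant-time comparison so response timing does not reveal how many bytes matched.
sub verify_password {
    my ($password, $stored) = @_;
    my ($alg, $iter, $salt_b64, $hash_b64) = split /\$/, $stored;
    return 0 unless defined $alg && $alg eq 'pbkdf2-sha256';
    my $expect = decode_base64($hash_b64);
    my $got    = pbkdf2_sha256($password, decode_base64($salt_b64), $iter);
    return 0 unless length($got) == length($expect);
    my $diff = 0;
    $diff |= ord(substr($got, $_, 1)) ^ ord(substr($expect, $_, 1)) for 0 .. length($got) - 1;
    return $diff == 0;
}
# Constructed demo: store one password, then check a right and a wrong guess.
my $stored = hash_password('correct horse battery staple');
print verify_password('correct horse battery staple', $stored) ? "accepted\n" : "FAIL\n";
print verify_password('Tr0ub4dor&3', $stored) ? "FAIL\n" : "rejected\n";
```

In production, prefer a maintained CPAN password-hashing module (bcrypt or Argon2) over hand-rolled PBKDF2; the points to take from this block are the per-user random salt, a tunable iteration count stored alongside the hash, and the constant-time check.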
In Section: Seekers of Perl Wisdom