Difference between revisions of "Freeside:1.7:Documentation:Administration:Encrypted Credit Cards"


Revision as of 15:39, 19 July 2009


Setup

Q. Hey I can't use this, the credit cards are stored in plain text! What if I get hacked!?!

First off, if you are a small ISP and you follow Ivan's direction, you're pretty safe. You're keeping your DB behind the firewall and not using default passwords, etc. Right? Nothing is foolproof, however, and putting layers of difficulty between your customer information and a hacker, disgruntled employee, etc. is generally a good idea. Note, however, that no matter how good the encryption is, you still need to secure your boxes and protect your data. A persistent hacker will be able to decrypt given enough time on your system. All good security policies apply here. If in doubt, find someone who can help you to secure your systems.

I've heard people in IRC and on the mailing list lament that Freeside doesn't encrypt the credit cards. It turns out that the functionality is there, but the guy who wrote it didn't document it outside of the perldoc. Since I'm that guy, and this seems to be the best place to do it, here goes.

The following steps are for Crypt::OpenSSL::RSA. Although there are hooks for other encryption engines, I'm using OpenSSL. I would also set up a 'dev' system to try this out on! There is nothing worse than encrypting credit cards and not having the correct key to decrypt them.

To Set Up Encrypted Credit Cards:

  1. Make sure that you're running a version of Freeside that supports it. (_ivan - When did this go mainstream?)
  2. Make sure that Crypt::OpenSSL::RSA is compiled and working.
  3. Verify Schema Changes
    1. freeside-upgrade doesn't appear to modify columns based on only changing the size
    2. payinfo fields used to be varchar(80), need to be 512
    3. If you don't modify this, you'll get DB errors when you try to insert payments, or card information
  4. Generate the public and private keys. Here's the script - I'll add it to cvs...
    • NOTE: Create a new file named something like keygen.pl and add the following into the file:
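#!/usr/bin/perl

use strict;
use warnings;
use Crypt::OpenSSL::RSA;

# Key size in bits.
my $length = 2048;

# Generate a new RSA key pair.
my $rsa = Crypt::OpenSSL::RSA->generate_key($length);

# Both keys are printed to the terminal as PEM text; the private key
# appears in the clear, so run this on a trusted host.
print "Public:\n" . $rsa->get_public_key_string();

print "Private:\n" . $rsa->get_private_key_string();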

  5. Once the file is created, run it.
    • "root@freeside# perl keygen.pl" and you should get your public and private keys as the output.
  6. Open the Freeside config screen (configuration->settings) and edit your configuration.
    • Set the module to Crypt::OpenSSL::RSA
    • Set encryption to on (check it)
    • Set the public and private keys
  7. Save and restart the web server.

The next credit card you insert will be encrypted. Old data will remain unencrypted until the credit card is updated. Yes that is broken, and yes I will fix it, and no I don't know when, but it will be soon - because you're not the only one with this problem.

Good luck!

- Huntsberg

Limitations

The following items don't yet work on a "front-end" machine without the private key. Eventually we could queue a job for these to be processed by a "back-end" machine.

  • "Bill now" can't run card/echeck collections
  • No "Process payment" link on customer view
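
The Setup warning about encrypting cards without a working decryption key, and the Limitations note about front-end machines that lack the private key, can both be checked before encryption is switched on. The following is an added example, not Freeside's own code: it round-trips a constructed test number through a key pair and compares the stored size with the old and new payinfo widths. The base64 storage encoding, the variable names and the throwaway key pair are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example: pre-flight check of an RSA key pair on a dev system.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# In practice, paste the two PEM strings printed by keygen.pl here.
# A throwaway pair is generated so that this example runs on its own.
my $pair        = Crypt::OpenSSL::RSA->generate_key(2048);
my $public_pem  = $pair->get_public_key_string();
my $private_pem = $pair->get_private_key_string();

# "Front-end" object: public key only. "Back-end" object: private key.
my $front = Crypt::OpenSSL::RSA->new_public_key($public_pem);
my $back  = Crypt::OpenSSL::RSA->new_private_key($private_pem);

# Constructed sample value (a widely used test number, not a real card).
my $test_pan = '4111111111111111';

# Assumption: the ciphertext is base64-encoded before it is stored in a
# text column. A 2048-bit key always yields a 256-byte ciphertext.
my $stored = encode_base64($front->encrypt($test_pan), '');

printf "stored value is %d characters\n", length $stored;
print  "too long for the old varchar(80) column\n" if length($stored) > 80;
die    "too long for a varchar(512) column\n"      if length($stored) > 512;

# Round trip: the private key must recover exactly what was encrypted.
# decrypt() croaks on a mismatched key, so trap that with eval.
my $clear = eval { $back->decrypt(decode_base64($stored)) };
die "key pair mismatch: cards encrypted now could not be decrypted\n"
    unless defined $clear && $clear eq $test_pan;
print "round trip OK\n";

# A host holding only the public key can encrypt but not decrypt,
# which is why card collection fails on such a front-end machine.
my $leak = eval { $front->decrypt(decode_base64($stored)) };
die "public-key-only object decrypted data, check which key was loaded\n"
    if defined $leak;
print "public-key-only host cannot decrypt (expected)\n";
```

Run it on the dev system with the real key strings pasted in place of the generated pair; any `die` means the configuration should not be saved yet.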