Problem Solved; Access by many without compromising information
(This is a true story about a real problem that was solved
with current and readily available technology.)
While developing self-replicating sites for
essentialoilsrus.com, I came up against an interesting
problem.
Sites are purchased at essentialoilsrus.com by distributors
of a certain line of products. Each replicated site has a
common product database and a common shopping cart. However,
the fulfillment company cannot accept orders sent directly
to their server. They must receive orders by telephone or
by FAX.
Product distributors need to FAX or telephone their own
orders.
Emailing orders to individual distributors, so they can then
FAX or telephone them to the fulfillment company, would not
be secure and thus is not acceptable. Using PGP encrypted
email would require training each distributor to use it.
Again, not acceptable.
What's needed:
- Order information needs to be stored on a secure
server and retrieved by individual distributors
so they can then FAX or telephone them to the
fulfillment company. Retrieving from the secure
server must be done without compromising the
personal and financial information in other
distributors' orders.
- When the distributor retrieves orders from the
secure server, the environment of the distributor's
computer cannot be known. It might be a computer
in a one-person office or it might be in an internet
cafe where others have access to the same computer.
As much security as possible needs to be implemented
for diverse computer environments.
It was a nice little problem, the kind I enjoy solving.
Security on the Secure Server
Distributors already have usernames and passwords to access
the control panel for customizing their replicated sites.
When a distributor's site receives a product order, the
distributor receives an email with a unique order number.
The username, password, and order number are all required
to retrieve the order's payment and other information from
the secure server.
Thus, even with a stolen username and password, unique order
numbers must be known before an order's information can be
retrieved.
Security in the Distributor's Computer Environment
Implementing as much security as possible in the
distributor's computer environment required more thought
than did the secure server solution.
When the distributor retrieves an order, the order must
be presented in the browser ready to print for FAXing
to the fulfillment company or for reading while
telephoning the order.
Server-side programming has its limitations. For example,
while the order is on the screen, nothing can be done
about others looking at it. And the distribution of the
printed copy cannot be effectively restricted.
However, there were some things I could do.
- Instead of plain text, credit card numbers could be
displayed on the screen as graphics.
- If the distributor saves the page to his/her hard
drive, the extra step of saving the images must be
taken in order to save the credit card numbers.
The numbers in the images look like the surrounding
text, so a distributor who saves only the page, and
not the images, does not thoughtlessly leave the
card numbers on the hard drive.
- The file names of the graphics could be
temporary. Once the page with the order
information is loaded into the browser,
the image files can be deleted.
- Because temporary, randomly generated file names
are used, image file names from any pages saved
to the distributor's hard drive could not be used
for determining the credit card numbers of other
saved pages.
- The distributor could be requested to log off when
done. Logging off can delete all information on the
secure server related to the retrieved orders.
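The temporary, randomly generated image names and the log-off cleanup described above, as an added Python example that is not code from the original article or from the essentialoilsrus.com site. The image bytes are constructed placeholders standing in for the rendered digit graphics, and the rule that only the session which rendered an image may fetch it is an assumption of this example.

```python
import secrets
import tempfile
from pathlib import Path


class OneTimeImageStore:
    """Card-number digits served as images under random, single-use names.

    The image bytes are constructed placeholders for the rendered digit
    graphics; the security property lives in the naming and the cleanup.
    """

    def __init__(self, root=None):
        # Default to a fresh temporary directory so the example runs anywhere.
        self.root = Path(root or tempfile.mkdtemp())
        self.sessions = {}  # session id -> names still on disk for that session

    def render_card(self, session_id, card_number):
        """Write one image per digit under a fresh random name and return the
        names in order, for the page to reference in its <img> tags."""
        names = []
        for digit in card_number:
            if not digit.isdigit():
                continue  # separators (spaces, dashes) are not rendered
            name = secrets.token_urlsafe(16) + ".png"  # unguessable, never reused
            (self.root / name).write_bytes(b"DIGIT:" + digit.encode())  # placeholder
            names.append(name)
        self.sessions.setdefault(session_id, set()).update(names)
        return names

    def serve_once(self, session_id, name):
        """Return the image bytes on first request, then delete the file so a
        saved page cannot fetch it again. None if unknown, foreign or spent."""
        owned = self.sessions.get(session_id, set())
        if name not in owned:
            return None  # assumption: only the session that rendered it may fetch
        path = self.root / name
        data = path.read_bytes()
        path.unlink()
        owned.discard(name)
        return data

    def logoff(self, session_id):
        """Remove every image still on disk for the session."""
        for name in self.sessions.pop(session_id, set()):
            (self.root / name).unlink(missing_ok=True)

    def remaining(self):
        """Names of image files still on disk (for checking cleanup)."""
        return sorted(p.name for p in self.root.iterdir())
```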
Currently, there are several dozen replicated sites at
essentialoilsrus.com. The implemented solution will work
okay when there are several hundred, and even several
thousand, replicated sites.
Will Bontrager
©2001 Bontrager Connection, LLC