Freeside:1.7:Documentation:Administration:Encrypted Credit Cards

Revision as of 16:01, 20 July 2007 by HzmCe2

Setup

Q. Hey I can't use this, the credit cards are stored in plain text! What if I get hacked!?!

First off, if you are a small ISP and you follow Ivan's direction, you're pretty safe. You're keeping your DB behind the firewall and not using default passwords, etc. Right? Nothing is fool-proof however and putting layers of difficulty between your customer information and a hacker, disgruntled employee, etc. is generally a good idea. Note however that no matter how good the encryption is, you still need to secure your boxes and protect your data. A persistent hacker will be able to decrypt given enough time on your system. All good security policies apply here. If in doubt, find someone who can help you to secure your systems.

I've heard people in IRC and on the mailing list lament that Freeside doesn't encrypt the credit cards. It turns out that the functionality is there, but the guy who wrote it didn't document it outside of the perldoc. Since I'm that guy, and this seems to be the best place to do it, here goes.

The following steps are for Crypt::OpenSSL::RSA - Although there are hooks for other encryption engines, I'm using OpenSSL. I would also set up a 'dev' system to try this out on! There is nothing worse than encrypting credit cards and not having the correct key to decrypt them.

To Set Up Encrypted Credit Cards:

  1. Make sure that you're running a version of freeside that supports it. (_ivan - When did this go mainstream?)
  2. Make sure that Crypt::OpenSSL::RSA is compiled and working.
  3. Verify Schema Changes
    1. freeside-upgrade doesn't appear to modify columns based on only changing the size
    2. payinfo fields used to be varchar(80), need to be 512
    3. If you don't modify this, you'll get DB errors when you try to insert payments, or card information
  4. Generate the public and private keys. Here's the script - I'll add it to cvs...
    • NOTE: Create a new file named something like keygen.pl and add the following into the file:
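#!/usr/bin/perl
# keygen.pl - generate the RSA key pair used for Freeside card encryption
use strict;
use warnings;
use Crypt::OpenSSL::RSA;

# Key size in bits
my $length = 2048;

my $rsa = Crypt::OpenSSL::RSA->generate_key($length);

# Both keys are printed to the terminal in PEM form
print "Public:\n" . $rsa->get_public_key_string();
print "Private:\n" . $rsa->get_private_key_string();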

  5. Once the file is created, run it
    • "root@freeside# perl keygen.pl" and you should get your public and private keys as the output.
  6. Open the freeside config screen (configuration->settings) and edit your configuration.
    • Set the module to Crypt::OpenSSL::RSA
    • Set encryption to on (check it)
    • Set the public and private keys
  7. Save and restart the web server.

The next credit card you insert will be encrypted. Old data will remain unencrypted until the credit card is updated. Yes that is broken, and yes I will fix it, and no I don't know when, but it will be soon - because you're not the only one with this problem.

Good luck!

- Huntsberg

Limitations

The following items don't yet work on a "front-end" machine without the private key. Eventually we could queue a job for these to be processed by a "back-end" machine.

  • "Bill now" can't run card/echeck collections
  • No "Process payment" link on customer view
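
The script below is an added example, not Freeside's own code. It shows why the payinfo columns in step 3 must grow beyond varchar(80), and why a front-end machine holding only the public key cannot read cards back. The OAEP padding and base64 storage encoding are assumptions about how the ciphertext is stored, and the card number is a constructed test value.

```perl
#!/usr/bin/perl
# Added example (not Freeside code): size of an RSA-encrypted payinfo value,
# and the public-key-only "front-end" versus private-key "back-end" roles.
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# Throwaway key pair for the demonstration; 2048 bits as in keygen.pl.
my $pair        = Crypt::OpenSSL::RSA->generate_key(2048);
my $public_pem  = $pair->get_public_key_string();
my $private_pem = $pair->get_private_key_string();

# Constructed sample value: a well-known test card number, not real data.
my $card = '4111111111111111';

# "Front-end" role: only the public key is loaded.
my $front = Crypt::OpenSSL::RSA->new_public_key($public_pem);
$front->use_pkcs1_oaep_padding();    # assumption: OAEP padding
# Assumption: ciphertext is base64-encoded so it fits a text column.
my $stored = encode_base64( $front->encrypt($card), '' );

printf "plaintext length:  %d\n", length $card;
printf "stored length:     %d\n", length $stored;
printf "fits varchar(80):  %s\n", length($stored) <= 80  ? 'yes' : 'no';
printf "fits varchar(512): %s\n", length($stored) <= 512 ? 'yes' : 'no';

# A public-key-only object cannot decrypt; the call dies inside eval.
my $leak = eval { $front->decrypt( decode_base64($stored) ) };
print "front-end decrypt: ", ( defined $leak ? 'succeeded' : 'refused' ), "\n";

# "Back-end" role: the private key recovers the original value.
my $back = Crypt::OpenSSL::RSA->new_private_key($private_pem);
$back->use_pkcs1_oaep_padding();
my $plain = $back->decrypt( decode_base64($stored) );
print "back-end decrypt:  ", ( $plain eq $card ? 'matches' : 'MISMATCH' ), "\n";
```

A 2048-bit key always produces a 256-byte ciphertext, which is 344 characters once base64-encoded, regardless of how short the card number is.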