Smartstore icon indicating copy to clipboard operation
Smartstore copied to clipboard
verified publisher icon smartstore

Recording and security of credit cards in the database

Open suatsuphi opened this issue 2 years ago • 8 comments

Hi,

In general, I think it is not secure to save credit cards in a database. Nevertheless, if a credit card needs to be saved, very security measures should be taken. I am also thinking of something for this on the coding side.

For example, encrypting user passwords and each credit card separately. In this way, Even if someone hacked the database, the credit card details would not be accessible because user passwords would be inaccessible.

Credit cards will not be visible in the admin panel - there is no need for them to be visible. When I change the encryption algorithm... the program gives an error. DecryptTextFromMemory can we put this part in try catch block?

private static string DecryptTextFromMemory(byte[] data, string privateKey)
{
    try
    {
        var key = Encoding.ASCII.GetBytes(privateKey[..16]);
        var iv = Encoding.ASCII.GetBytes(privateKey.Substring(8, 8));

        using var algo = CreateAlgorithm();
        using var ms = new MemoryStream(data);
        using (var cs = new CryptoStream(ms, algo.CreateDecryptor(key, iv), CryptoStreamMode.Read))
        {
            using var sr = new StreamReader(cs, Encoding.Unicode);
            return sr.ReadLine();
        }
    }
    catch
    {
        return ""; 
    }
}

1- Can a hacker with access to the database and admin panel decrypt users' passwords? https://ibb.co/8Pd3mB2

2- If a person knows the admin panel password and has the database, he can access all credit card information from the panel. I want to use Encrypt user passwords for this. I think to make it impossible to access credit card information in this way?

suatsuphi avatar Oct 29 '23 09:10 suatsuphi

Hi, I would not recommend storing credit card data on your own. There are countless services providing processing credit card payments absolutely safe for you. Regards, Michael

Michael-Herzog avatar Oct 30 '23 08:10 Michael-Herzog

thank you @Michael-Herzog

I know what you mean... When I change the "Security > Encryption private key", the order detail page (admin/order/edit/1/) gives an error.

Also, Default password format is set to Hashed. Can hashed data be displayed? I am curious about your comment as a programmer.

suatsuphi avatar Oct 30 '23 10:10 suatsuphi

Hi, I can't reproduce the problem you've described by changing the Encryption key. Whats the exact message (inclusive stacktrace) you're getting?

Hashes aren't used to store data. Their purpose is to ensure the requested data wasn't altered. There are a lot of resources in the internet on this topic. Here's one of them: https://www.thesslstore.com/blog/difference-encryption-hashing-salting/

Regards, Michael

Michael-Herzog avatar Oct 30 '23 14:10 Michael-Herzog

I can't reproduce the problem you've described by changing the Encryption key. Whats the exact message (inclusive stacktrace) you're getting?

first I record a credit card in the Manual section in OfflinePayment. then I change the "Encryption private key". when I open the order I get the error message.

suatsuphi avatar Oct 30 '23 17:10 suatsuphi

Something went terribly wrong here. We'll fix this ASAP. Please restore your original encryption key in the meantime.

Note to myself:

  • Port missing action ChangeEnryptionKey
  • Don't forget reencryption of encrypted data must also be done when the setting of encryption key has been changed by AllSettings grid
  • Check if there can be done some validation for the encryption key

Michael-Herzog avatar Oct 30 '23 19:10 Michael-Herzog

thank you

Something went terribly wrong here. We'll fix this ASAP. Please restore your original encryption key in the meantime.

I'm just doing demo trials

DecryptTextFromMemory - Is it possible to use "try cacth" in case something goes wrong while decrypting? I will use a dynamic key by users and the administrator will not view credit card information - so the page should not give an error.

  • If the data cannot be decrypted or gives an error, it may be a case of displaying encrypted data? or return "**********"

suatsuphi avatar Oct 30 '23 20:10 suatsuphi

DecryptTextFromMemory - Is it possible to use "try cacth" in case something goes wrong while decrypting? I will use a dynamic key by users and the administrator will not view credit card information - so the page should not give an error.

  • If the data cannot be decrypted or gives an error, it may be a case of displaying encrypted data? or return "**********"

We will pass on this. It is better to get a runtime error in this case instead of an empty string or some placeholder. It indicates that something serious went wrong.

muratcakir avatar Oct 30 '23 20:10 muratcakir

https://www.thesslstore.com/blog/difference-encryption-hashing-salting/

thanks for the article @Michael-Herzog

Every hash value is unique. If two different files produce the same unique hash value this is called a collision and it makes the algorithm essentially useless. Last year, Google created a collision with the SHA-1 hashing algorithm to demonstrate that it’s vulnerable. SHA-1 was officially phased out in favor of SHA-2 in early 2016. But Google had a point to make so it devoted two years’ worth of funds, man hours and talent in a partnership with a lab in Amsterdam to make something that was to that point more of an abstraction into a reality. That’s a long way to go to prove a point. But Google went there.

SHA-1 was officially phased out in favor of SHA-2 in early 2016...

public string HashedPasswordFormat { get; set; } = "SHA1";

can this be changed in the default settings?

I understood the difference between Hash and Encrypt. I made a logic like this - if I need to save credit card information for the user. I will use user passwords to encrypt the credit card information in the database - so each user credit card information will be encrypted with their own password. user passwords will also have to be hashed and saved in the system. the site administrator does not need to know user passwords.

and I can catch it when the password changes.

  public class CustomUserManager<TUser> : UserManager<TUser> where TUser : class
   {
       private readonly SmartDbContext _db;
       private readonly SecuritySettings _securitySettings;
       private readonly IEncryptor _encryptor;

       public CustomUserManager(
           SmartDbContext db,
           SecuritySettings securitySettings,
           IEncryptor encryptor,
           IUserStore<TUser> store,
           IOptions<IdentityOptions> optionsAccessor,
           IPasswordHasher<TUser> passwordHasher,
           IEnumerable<IUserValidator<TUser>> userValidators,
           IEnumerable<IPasswordValidator<TUser>> passwordValidators,
           ILookupNormalizer keyNormalizer,
           IdentityErrorDescriber errors,
           IServiceProvider services,
           ILogger<UserManager<TUser>> logger) : base(store, optionsAccessor, passwordHasher, userValidators, passwordValidators, keyNormalizer, errors, services, logger)
       {
           _db = db;
           _securitySettings = securitySettings;
           _encryptor = encryptor;
       }

       public override async Task<IdentityResult> ChangePasswordAsync(TUser user, string currentPassword, string newPassword)
       {
           var result = await base.ChangePasswordAsync(user, currentPassword, newPassword);

           if (result.Succeeded)
           {
//logic
           }
           return result;
       }
   }

suatsuphi avatar Nov 21 '23 12:11 suatsuphi