Just a question. Does it matter if an e-commerce web site is on the same server as its database that contains sensitive customer information? Would it be better if they were on different servers?
@Damien (Mar 21, 2005): The ideal situation is to have a separate server for your DBs; however, this is cost prohibitive for many online stores. From a security point of view, "what's most important" is what kind of encryption is used when writing data to a database.
I'm working on an ecommerce site for a friend's business and am planning on using PHP's mcrypt library.
The ISP originally had the site and database on different servers but when I wanted them to install the mcrypt library to the one server they had problems. They were able to install the mcrypt library on the database server and now want us to move the site to that server.
I brought up my concerns about it being on the same server, but they said that most places do it that way, which did not seem right to me.
Is the mcrypt library sufficient for this situation? Once the order has been processed we would be deleting any sensitive data from the database. At the most it will be in the database for 24 hours but I want to do all I can to lower the liability.
@Damien (Mar 21, 2005): There is no problem having the site and database on the same server; it's quite common. Mcrypt and mhash are compiled with PHP to allow encryption.
For example: Modernbill is a very popular site payment program used all over the US which stores CC numbers and account payments in a database. It runs on PHP and MySQL, and all it requires is mcrypt / mhash and Zend Optimizer installed on the server to be secure.
So, your question regarding mcrypt: yes, it will do the job, but what program are you using to write to the database?
@Draven (author, Mar 21, 2005): What my friend wants is for me to program an admin section where he can look up the orders and process them by hand.
So once the order is placed I would write the order info to the database using mcrypt to encrypt any sensitive data.
An email would be sent to my friend once the order is placed. He would then go to the admin section, bring up the order and process it the same way they would an order received over the phone.
I have the whole site programmed except for the admin section and the mcrypt code.
@Shift4SMS (Apr 01, 2005): You have two problems with having the database containing sensitive data and the site on the same server:
1) From the description of your problem, my guess is that you are using a shared server. It is impossible to truly secure data on a shared server, and having the data and the application on the same server just makes it that much easier for someone focused on getting your data to get it.
2) The latest credit card regulations do not allow the web application and the database to reside on the same server; the web server must reside in a DMZ, with a firewall between it and the Internet and another firewall between it and the data:
WEB / FW / WEBSERVER / FW / DATA
While I doubt they would ever "out-of-the-blue" catch you doing this, I would be willing to bet that you would receive some serious fines if you were ever hacked.
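A concrete form of the "FW / DATA" half of that diagram, added here as an illustration and not taken from the thread: a host firewall on the database machine that admits MySQL connections only from the DMZ web server and logs any other attempt. Assumed (constructed) addressing: web server 10.0.1.10 in the DMZ, database server on the internal network, management host 10.0.2.5, internal resolver/NTP at 10.0.2.1.

```nftables
#!/usr/sbin/nft -f
# Constructed example ruleset for the DATA-tier host. Addresses below are
# placeholders for the thread's layout: WEB / FW / WEBSERVER / FW / DATA.
flush ruleset

table inet db_tier {
    chain input {
        type filter hook input priority 0; policy drop;

        # Keep loopback and already-accepted flows working; drop junk early
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Only the DMZ web server (assumed 10.0.1.10) may open MySQL sessions.
        # Any other source hitting 3306 is logged, then dropped, so a probe
        # from the Internet or another tenant shows up in the kernel log.
        ip saddr 10.0.1.10 tcp dport 3306 accept
        tcp dport 3306 log prefix "db-tier denied mysql: " drop

        # Administrative SSH only from the internal management host
        ip saddr 10.0.2.5 tcp dport 22 accept

        # Everything else falls through to the chain's drop policy
    }

    chain output {
        type filter hook output priority 0; policy drop;

        # The database host never initiates connections toward the DMZ or
        # the Internet; it may only reply to accepted sessions and reach
        # the internal resolver/NTP host (assumed 10.0.2.1).
        oif "lo" accept
        ct state established,related accept
        ip daddr 10.0.2.1 udp dport { 53, 123 } accept
        ip daddr 10.0.2.1 tcp dport 53 accept
    }
}
```

The web-tier host gets the mirror image: accept 80/443 from anywhere, initiate only toward the database address on 3306, and nothing else, which is what the first "FW" in the diagram enforces.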
@ray326 (Apr 02, 2005): Steven offers very good advice. I'll add a couple of cents. First, you should not store CC numbers in any fashion. Delegate CC validation to an ASP so THEY can be the ones sued if the numbers are stolen. Second, if you outsource your app and data hosting, then you have no control over who can get to the data. You need to make the ISP contractually liable for any misappropriation of your customers' data. If they will not step up to that, you're at the mercy of the least honest person they employ.