Concern for storage of payment gateway key
From: Bryon Bean (bryon_bean_at_msn.com)
Date: 07/21/04
- Previous message: Bernhard Kastner: "Re: Port 1026"
- Next in thread: Todd Knarr: "Re: Concern for storage of payment gateway key"
- Reply: Todd Knarr: "Re: Concern for storage of payment gateway key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 14:35:24 -0700
Hi,
I'm 'a lot' confused as to how I should store a payment gateway key
(password, essentially) on a server that requires a perl script to access
that key. The recommendations by the payment gateway are sparse at best
(though they do recommend that the key be stored on a server other than that
on which the script/app resides). The script is run with nobody-like
permissions as it is a CGI script so the key must be readable by this
nobody-like user. My confusion is this; even if the file sits encrypted on
another server, the passphrase to decrypt the file, and the login access to
another server must still reside in the perl script that requires the key
information. Can someone please give me a clue about best practices (and
maybe why) or at least point me to some documentation on the subject of
storing documents securely that need access from un-compiled scripts (maybe
that's a stretch!)?. TIA!
Cheers,
Bryon Bean
________________________________________
In heaven all the interesting people are missing.
--Friedrich Nietzsche
- Previous message: Bernhard Kastner: "Re: Port 1026"
- Next in thread: Todd Knarr: "Re: Concern for storage of payment gateway key"
- Reply: Todd Knarr: "Re: Concern for storage of payment gateway key"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
