FormBrowser and Security

CMSmonkey
Power Poster
Posts: 290
Joined: Thu Nov 27, 2008 4:58 pm

FormBrowser and Security

Post by CMSmonkey »

Hi Everyone,
As I transition a client's website over to maintaining sensitive data directly on the site, I just want a little reassurance that I understand the level of security in maintaining such data...

I am using the latest versions for the system and modules:
CMSMS 1.6.6
FormBuilder 0.5.12
FormBrowser 0.2.3
CustomContent 1.5.3
Front End Users 1.6.10

My site has its own security certificate enabled; pages that need it are secured using the {https} tag as instructed in the Documentation (FAQ Page 2) and the Admin interface is also secure.

If I understand the Admin accessibility correctly, I cannot get only certain users to view certain FormBrowsers - I can only give them permission to access the entire module.  So what I did was set up a FEUser, script the page so that it is CustomContent enabled, disable the page from being "searchable", {https} the page, and then place the FormBrowser tag directly on the page.

Is this correct?  Will this ensure that the information is not accessible by any other person not logged in and given permission to view this page?  The page cannot be indexed by search engines too, right?

Also --- what is the preferred way to maintain highly sensitive data such as a credit card #?  If I am not mistaken, I don't think there is any way to encrypt the credit card field, right?  At best, I decided to place this field as "Do Not Display" in the Admin and User FormBrowser views, as I don't see any need for the client to view this information.  Is this the best practice?

Thank you in advance for your advice, as this is the first time I am having to deal with this issue with CMSMS.
Last edited by CMSmonkey on Tue Sep 04, 2012 9:48 pm, edited 2 times in total.
Peciura

Re: FormBrowser and Security

Post by Peciura »

Sensitive data should be encrypted in the database. Use md5 or sha1 to encrypt them and store them in the DB. Do you really need to know the exact credit card number? Isn't it enough to compare the encrypted number against the one stored in the DB?
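The reply above proposes storing an md5 or sha1 digest of the card number and comparing digests later. The following is an added example (not code from the thread or from any CMSMS module) showing the check a practitioner would run before relying on that: a card number has a tiny keyspace, so an unkeyed digest of it can simply be enumerated. Given an issuer prefix, only the remaining digits vary, and the Luhn check digit is determined by the rest, so a 6-digit BIN leaves about 10^9 candidates, which commodity hardware hashes in minutes. The 10-digit prefix and the well-known 4111... test number used here are constructed sample values chosen so the enumeration finishes instantly.

```python
import hashlib
from itertools import product

# Constructed sample values for the demonstration. The 10-digit prefix is an
# assumption standing in for "issuer BIN plus a few digits already narrowed
# down"; a real BIN is only 6 digits, which leaves 10**9 candidates.
KNOWN_PREFIX = "4111111111"
SAMPLE_PAN = "4111111111111111"   # well-known test number, Luhn-valid


def luhn_check_digit(body: str) -> str:
    """Return the Luhn check digit that makes body + digit valid."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:          # the digit next to the check digit is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def is_luhn_valid(pan: str) -> bool:
    """True when the last digit is the correct Luhn check digit for the rest."""
    return pan.isdigit() and len(pan) > 1 and luhn_check_digit(pan[:-1]) == pan[-1]


def candidate_count(prefix: str, length: int = 16) -> int:
    """Number of Luhn-valid PANs of this length that share the prefix."""
    return 10 ** (length - len(prefix) - 1)


def candidate_pans(prefix: str, length: int = 16):
    """Yield every Luhn-valid PAN of the given length that starts with prefix."""
    free = length - len(prefix) - 1       # the last position is the check digit
    for digits in product("0123456789", repeat=free):
        body = prefix + "".join(digits)
        yield body + luhn_check_digit(body)


def hash_pan(pan: str, algo: str = "sha1") -> str:
    """The 'encryption' suggested in the thread: an unkeyed digest of the bare PAN."""
    return hashlib.new(algo, pan.encode("ascii")).hexdigest()


def recover_pan(digest_hex: str, prefix: str, algo: str = "sha1", length: int = 16):
    """Recover the PAN behind an unkeyed digest by enumerating the candidate space."""
    for pan in candidate_pans(prefix, length):
        if hash_pan(pan, algo) == digest_hex:
            return pan
    return None


if __name__ == "__main__":
    stored = hash_pan(SAMPLE_PAN, "md5")
    print("stored digest:        ", stored)
    print("candidates to try:    ", candidate_count(KNOWN_PREFIX))
    print("recovered PAN:        ", recover_pan(stored, KNOWN_PREFIX, "md5"))
    print("candidates from a bare 6-digit BIN:", candidate_count(SAMPLE_PAN[:6]))
```

Swapping md5 for sha1 (or any other unkeyed hash) changes nothing here; the weakness is the size of the input space, not the digest. Comparing a newly entered number against a stored digest therefore gives the attacker who copies the table exactly what a plaintext column would.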
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

Is the encryption done directly through phpMyAdmin? (Sorry, I have never had to do this before, so I am not sure about the process.)

Here's the scenario:
My client is a non-profit organization collecting donations directly through their website.  They are moving from Authorize.net's SIM method, which maintains the payment process on their server, to Authorize.net's AIM method, which will have them maintain the payment process on their own server.

The donation form is set up through FormBuilder on an HTTPS page, which collects the general billing information (Name, Address, City, State, Zip, Amount, CC Number and Expiration Date).  One of the staff members needs access to the database to maintain the donors' information and send thank you letters to them.  Instead of schooling them on the use of phpMyAdmin, I figured they can just log in and view the donor info through FormBrowser.  The form does not have encryption capability, so FormBrowser stores the credit card number exactly as it is entered.  The staff member does not need this information, so the best I could do was just not make that field viewable by using the "Do Not Display" option.

Is there an easier way to handle this?
jmcgin51
Power Poster
Power Poster
Posts: 1899
Joined: Mon Jun 12, 2006 9:02 pm

Re: FormBrowser and Security

Post by jmcgin51 »

Why do you need to store the cc number?  Why not just process the payment and then discard the cc number afterward?
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

jmcgin51 wrote: Why do you need to store the cc number?  Why not just process the payment and then discard the cc number afterward?
I definitely don't want to store it if I don't have to.  How would I go about discarding it after the transaction is completed?
Peciura

Re: FormBrowser and Security

Post by Peciura »

If you don't store a human-readable record, you can be pretty sure nobody will be able to steal customer data.

If you still want to save the card number, you could store it in a hidden field. The UDT for this field should encrypt the number with the PHP function "md5" or "sha1".
Here you will find an idea of how to use a "Static Text" field to create a dummy input (item 3 creates a pulldown field):
http://forum.cmsmadesimple.org/index.ph ... #msg183494
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

Peciura wrote: If you don't store a human-readable record, you can be pretty sure nobody will be able to steal customer data.

If you still want to save the card number, you could store it in a hidden field. The UDT for this field should encrypt the number with the PHP function "md5" or "sha1".
Here you will find an idea of how to use a "Static Text" field to create a dummy input (item 3 creates a pulldown field):
http://forum.cmsmadesimple.org/index.ph ... #msg183494
Hi Peciura
It seems like a little more work than I would like to do... especially if we have no need to store the cc number once the transaction has taken place.  If I just wanted to delete the credit card number once it is processed, is there any easy way to do this?
Peciura

Re: FormBrowser and Security

Post by Peciura »

After the transaction is complete, will you know the response ID and the field ID that stores the data?
In that case, write a simple UDT to alter that record in the DB.

Or assign the value obtained from the dummy field to a Smarty variable (or pass it as a parameter) and delete it when you don't need it any more.
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

Peciura wrote: After the transaction is complete, will you know the response ID and the field ID that stores the data?
In that case, write a simple UDT to alter that record in the DB.
Hi Peciura,
How do I do that?  I am not too skilled in MySQL.  The field ID is 581.
Peciura

Re: FormBrowser and Security

Post by Peciura »

CMSmonkey wrote: I am not too skilled in MySQL
You will be in no time...  ;)
http://phplens.com/lens/adodb/docs-adodb.htm

Let's call this UDT "update_fb_response":

Code:

/* Overwrites existing FormBuilder response values only; it never deletes rows.          */
/* $params['field_ids']   mandatory; comma separated list of field IDs, spaces are trimmed */
/* $params['resp_ids']    optional; comma separated list of response IDs, spaces are     */
/*                        trimmed. If no response ID is supplied, the value is           */
/*                        overwritten in ALL responses                                    */
/* $params['replacement'] optional, default ''; the value written into the database      */
/* $params['assign']      optional; Smarty variable that receives the query result       */
/*                        (false if the query failed)                                     */

if (!empty($params['field_ids'])) {

   if (!isset($params['replacement'])) {
      $params['replacement'] = '';
   }

   /* Every user-supplied value is bound through a "?" placeholder and never
      concatenated into the SQL, so the IDs cannot turn into an injection.
      The replacement is bound first because "SET value = ?" comes first. */
   $bind = array($params['replacement']);

   $field_conds = array();
   foreach (explode(',', $params['field_ids']) as $field) {
      $field = trim($field);
      if ($field === '') {
         continue;            /* tolerate "123, ,456" */
      }
      $bind[] = $field;
      $field_conds[] = 'field_id = ?';
   }

   if (count($field_conds) > 0) {
      $query = 'UPDATE ' . cms_db_prefix() . 'module_fb_resp_val SET value = ?'
             . ' WHERE (' . implode(' OR ', $field_conds) . ')';

      if (!empty($params['resp_ids'])) {
         $resp_conds = array();
         foreach (explode(',', $params['resp_ids']) as $resp_id) {
            $resp_id = trim($resp_id);
            if ($resp_id === '') {
               continue;
            }
            $bind[] = $resp_id;
            $resp_conds[] = 'resp_id = ?';
         }
         /* The resp_id list needs its own parentheses: AND binds tighter than OR,
            so "... AND resp_id = ? OR resp_id = ?" would overwrite EVERY field of
            the second and later responses, not just the ones in field_ids. */
         if (count($resp_conds) > 0) {
            $query .= ' AND (' . implode(' OR ', $resp_conds) . ')';
         }
      }

      $db     = cms_utils::get_db();
      $smarty = cms_utils::get_smarty();
      $result = $db->Execute($query, $bind);

      if (!empty($params['assign'])) {
         $smarty->assign($params['assign'], $result);
      }
   }
}
return;
Usage

Code:

{update_fb_response  field_ids='123, 9999'}
Use at your own risk :-X
Last edited by Peciura on Thu Aug 30, 2012 7:29 pm, edited 2 times in total.
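The UDT above assembles its WHERE clause from two OR-lists (one over field_ids, one over resp_ids) and binds every ID through a placeholder. The following is an added example, not code from the thread or from FormBrowser, that reproduces the overwrite on an in-memory SQLite copy of a table shaped like FormBrowser's (resp_id, field_id, value) rows so the effect of each call can be inspected. It shows the two cases the thread describes (all responses, or only the listed ones) and the one edge a practitioner should check when building such a clause by hand: the resp_id list must be parenthesised, because AND binds tighter than OR and the unparenthesised form wipes every field of the second response. The table name, the field id 582 and the donor names are constructed for the demo; 581 is the field id mentioned in the thread. One caveat the thread does not cover: overwriting the row removes the number from what FormBrowser displays, but copies in database backups or binary logs taken before the overwrite are unaffected.

```python
import sqlite3

# Constructed rows shaped like FormBrowser's response-value table used by the UDT:
# one row per (response, field). The "cms_" prefix, the three-column layout, field
# id 582 and the names are assumptions for the demonstration, not a real dump.
TABLE = "cms_module_fb_resp_val"
ROWS = [
    (1, 581, "4111111111111111"),   # response 1, card-number field (id from the thread)
    (1, 582, "Alice Donor"),        # response 1, name field (constructed id)
    (2, 581, "5555555555554444"),   # response 2, card-number field
    (2, 582, "Bob Donor"),          # response 2, name field
]


def build_update(field_ids, resp_ids=(), replacement="", parenthesize=True):
    """Assemble the UPDATE the UDT runs, binding every ID through a placeholder."""
    field_clause = " OR ".join("field_id = ?" for _ in field_ids)
    sql = f"UPDATE {TABLE} SET value = ? WHERE ({field_clause})"
    params = [replacement, *field_ids]
    if resp_ids:
        resp_clause = " OR ".join("resp_id = ?" for _ in resp_ids)
        # AND binds tighter than OR; without the parentheses the second and later
        # resp_id terms are no longer restricted by the field_id list at all.
        sql += f" AND ({resp_clause})" if parenthesize else f" AND {resp_clause}"
        params.extend(resp_ids)
    return sql, params


def run_update(field_ids, resp_ids=(), replacement="", parenthesize=True):
    """Apply the UPDATE to a fresh in-memory copy of ROWS.

    Returns {(resp_id, field_id): value} so the caller can see exactly which
    cells were overwritten and which were left alone.
    """
    con = sqlite3.connect(":memory:")
    con.execute(f"CREATE TABLE {TABLE} (resp_id INTEGER, field_id INTEGER, value TEXT)")
    con.executemany(f"INSERT INTO {TABLE} VALUES (?, ?, ?)", ROWS)
    sql, params = build_update(field_ids, resp_ids, replacement, parenthesize)
    con.execute(sql, params)
    rows = con.execute(f"SELECT resp_id, field_id, value FROM {TABLE}")
    return {(r, f): v for r, f, v in rows}


if __name__ == "__main__":
    print("no resp_ids, every card number blanked:", run_update([581]))
    print("responses 1 and 2, parenthesised:      ", run_update([581], [1, 2]))
    print("responses 1 and 2, unparenthesised:    ", run_update([581], [1, 2], parenthesize=False))
    print("custom replacement:                    ", run_update([581], [1], "REMOVED"))
```

The field_ids and resp_ids lists come from template parameters, so the only thing that protects the query from a crafted value is that they are bound rather than interpolated; the example keeps that property, and the parenthesised form is the one to copy.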
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

WOW. I hope you write on your resume that you are bilingual because I have no idea what you just wrote in that UDT.  :D

So to understand (before I implement):
Is there any place in the UDT that I need to replace any values?
Where do I call this UDT? In the form?
When the UDT is called, this in turn will dump the cc field's value in the database so it is not stored, correct?
Peciura

Re: FormBrowser and Security

Post by Peciura »

As long as all fields have a unique ID, you only need to pass the field ID to the UDT and all values corresponding to that ID will be overwritten. It does not remove any record from the database.
If you call it anywhere in your site, all cc numbers will be set to an empty string:

Code:

{update_fb_response  field_ids='591'}
If you want to modify the value(s) of particular response(s), add the parameter "resp_ids":

Code:

{update_fb_response  field_ids='591' resp_ids=$XXXX}
If you want to leave a message for somebody (or something) looking for cc numbers, call it like this:

Code:

{update_fb_response  field_ids='591' replacement=' Looking for some thing ? You bogeys.'}

Call this UDT after transaction is complete (you know better when).

There are no values in the UDT, just variables, so you don't need to modify anything. Just make sure you use the right value(s) for the parameter "field_ids". The other 3 parameters are optional but might be useful.
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

Hi Pecuira,
Sorry for the late response; I have been thrown a ton of work I am trying to juggle!

1.  When I create the UDT, I get the following error message:
# Parse error: syntax error, unexpected $end in /[myserverinfo]/htdocs/admin/adduserplugin.php(100) : eval()'d code on line 49

2.  I am not understanding when to call this UDT.  I thought I would just add it into the form as a "Call a User Defined Tag with Form Results".  Looking at what you provided, it seems like I have to put it into a template/page.  Is this correct?  If so, can I just get it to automatically empty the cc field string as soon as the transaction takes place?  Is it possible to call it under the Event Manager/OnFormSubmit event?

Thank you for your patience and help.
Peciura

Re: FormBrowser and Security

Post by Peciura »

1. Yes... I somehow did not close the "if" statement in the forum post. Now it is fixed.
2.
If so, can I just get it to automatically empty the cc field string as soon as the transaction takes place?
That is exactly what you have to do.
If you are writing a "Thank you for your donation..." message to the visitor, call the UDT just below it.
CMSmonkey

Re: FormBrowser and Security

Post by CMSmonkey »

you are AWESOME!!!!!!!!!!  ;D

I created the UDT then called it from the Submission Template.  It works perfectly!

Thank you again for your help in this matter.  You are truly an asset to the community here.