views:

158

answers:

2

I need to store payment gateway processor username/password credentials on a production web server, but would prefer not to do so in clear-text. What is the best way to store these credentials? Are their best practices for encrypting and decrypting this information?

A: 
  1. Store outside of any directory that is web accessible.
  2. Make sure only the app processes have read access.
  3. Harden server.
thedz
Does it matter if the credentials are encrypted? In my mind it doesn't seem like it because if an attacker compromises the server, they could also recover the key to decrypt all of the info.
Brad Gessler
Yeah, that's my thinking. If they compromise your server, they can just check your source to see how you're decrypting.
thedz
+1  A: 

It's a classic chicken-egg problem. Encryption does not help you at all if you can't protect the keys. And you obviously can't.

What I would suggest is to try to make the other services / users use hashes towards your authentication code, and save those hashes instead. That way at worst you will lose the hashes, but it might prove hard (depending on the rest of the setup) to actually use them maliciously. You might also want to salt the hashes properly.

An other possibility would be using an external authentication store if you can't enforce using hashes. It does not really solve the problem, but you can control the attack vectors and make it safer by allowing only very specific contact with the actual source with the important data.