Why isn't encryption enabled by default?
Rank: Advanced Member
Groups: HelpDesk, Developers Joined: 11/9/2018(UTC) Posts: 564
Thanks: 122 times Was thanked: 26 time(s) in 25 post(s)
It seems like after 13 years we'd be enabling the store security encryption by default by now. But even in 9.0.2 a fresh install does not have encryption enabled by default.
Why not?
I see no technical reason why it couldn't be turned on and seeded with a random GUID value immediately after install.
Too many merchants fail to realize the encryption must be specifically enabled before their various gateway credentials are actually secure in the store SQL database.
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 472
Thanks: 4 times Was thanked: 34 time(s) in 33 post(s)
Hi Joe,
The process of creating an encryption key involves saving a physical file and putting it in a safe location. It's supposed to be handled only by certain individuals (e.g. owners, top-level people), per PA-DSS requirements.
I suppose it could be done, but it would add another complexity to the installation, and then it adds another layer of risk because the person installing the software is not typically the person authorized to handle key storage.
Again, PCI has very specific requirements on the encryption. We provide the warning immediately after installation, but it sometimes isn't enough for merchants to take action.
Enforcement seems like the best option.
Let me know what you think,
Katie
Thanks for your support!
Katie Secure eCommerce Software and Hosting
Rank: Advanced Member
Groups: HelpDesk, Developers Joined: 11/9/2018(UTC) Posts: 564
Thanks: 122 times Was thanked: 26 time(s) in 25 post(s)
My thought is:
Enable the encryption using a random GUID value as the last step in the installation. And then change the existing reminder to enable encryption to a reminder to download the encryption key backup file. Ideally keep track of the last download date in store settings and remind admin users every 90 days.
As for complexity, it's one line of code to encrypt/recrypt the data. Shouldn't be an issue.
Since this is only for new installs, the performance impact will be zero. Even gateways aren't configured yet at that point in the install.
As for security, the installer would already have full access since they set both the first super user login and the SQL db credentials. But there's nothing yet to secure in the store since it's a fresh install.
Don't trigger a download after install. PA-DSS wouldn't like that, I'm sure.
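The flow proposed in the post above (seed a key as the last install step, then remind admins about the key backup every 90 days), as an added example that is not AbleCommerce code and not part of the original posts. `StoreSecuritySettings` and every function name are hypothetical, and the example assumes a 32-byte key from the OS CSPRNG where the post mentions a GUID.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

BACKUP_REMINDER_INTERVAL = timedelta(days=90)  # interval proposed in the post


@dataclass
class StoreSecuritySettings:
    """Hypothetical stand-in for the store's settings record."""
    key: Optional[bytes] = None
    last_key_backup: Optional[datetime] = None


def provision_key_on_install(settings: StoreSecuritySettings) -> bool:
    """Last install step: seed a random key once; never overwrite an existing one."""
    if settings.key is not None:
        return False  # re-running the installer must not orphan encrypted data
    settings.key = secrets.token_bytes(32)  # assumption: 256-bit CSPRNG key
    settings.last_key_backup = None         # a new key has no backup yet
    return True


def key_fingerprint(settings: StoreSecuritySettings) -> str:
    """Short SHA-256 tag so a backup file can be matched to the live key."""
    return hashlib.sha256(settings.key).hexdigest()[:16]


def record_key_backup(settings: StoreSecuritySettings, when: datetime) -> None:
    """Call when an authorized admin downloads the key backup file."""
    settings.last_key_backup = when


def admin_reminder(settings: StoreSecuritySettings, now: datetime) -> Optional[str]:
    """Return the dashboard warning to show, or None when nothing is due."""
    if settings.key is None:
        return "Encryption is not enabled."
    if settings.last_key_backup is None:
        return "Encryption key has never been backed up."
    if now - settings.last_key_backup >= BACKUP_REMINDER_INTERVAL:
        return "Encryption key backup is more than 90 days old."
    return None
```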
Rank: Advanced Member
Groups: System, Administrators, Developers, Registered, HelpDesk Joined: 10/29/2018(UTC) Posts: 472
Thanks: 4 times Was thanked: 34 time(s) in 33 post(s)
Hi Joe,
This all seems very reasonable and certainly makes sense. I'll add it to Jira as a new feature request.
Thanks again,
Katie