WillMaster Possibillites Logo EzineSeek Award
Problem Solved; Access by many without compromising information
by
William Bontrager

Permission is granted to reprint this article in its entirety, provided no reprints are sent in conjunction with unsolicited bulk email, provided no fee or other value is exchanged, provided no changes are made to the article, and provided the author's name, signature lines, and copyright line are printed with the article; except you may change the article's title.

(This is a true story about a real problem that was solved with current and readily available technology.)

While developing self-replicating sites for essentialoilsrus.com, I came up against an interesting problem.

Sites are purchased at essentialoilsrus.com by distributors of a certain line of products. Each replicated site has a common product database and a common shopping cart. However, the fulfillment company can not accept orders sent directly to their server. They must receive orders by telephone or by FAX.

Product distributors need to FAX or telephone their own orders.

Emailing orders to individual distributors so they can then FAX or telephone them to the fulfillment company would not be secure, thus not acceptable. Using PGP encrypted email would require training each distributor to use it. Again, not acceptable.

What's needed:

  1. Order information needs to be stored on a secure server and retrieved by individual distributors so they can then FAX or telephone them to the fulfillment company. Retrieving from the secure server must be done without compromising the personal and financial information of other distributor's orders.
     
  2. When the distributor retrieves orders from the secure server, the environment of the distributor's computer can not be known. It might be a computer in a one-person office or it might be in an internet cafe where others have access to the same computer. As much security as possible needs to be implemented for diverse computer environments.

It was a nice little problem, the kind I enjoy solving.

Security on the Secure Server

Distributors already have usernames and passwords to access the control panel for customizing their replicated sites. When a distributor's site receives a product order, the distributor receives an email with a unique order number. The username, password, and order number are all required to retrieve the order's payment and other information from the secure server.

Thus, even with a stolen username and password, unique order numbers must be known before an order's information can be retrieved.

Security in the Distributor's Computer Environment

Implementing as much security as possible in the distributor's computer environment required more thought than did the secure server solution.

When the distributor retrieves an order, the order must be presented in the browser ready to print for FAXing to the fulfillment company or for reading while telephoning the order.

Server side programming has its limitations. For example, while the order is on the screen, nothing can be done about others looking at it. And the printed copy's distribution can not be effectively restricted.

However, there were some things I could do.

  • Instead of plain text, credit card numbers could be displayed on the screen with graphics.
     
    • If the distributor saves the page to his/her hard drive, an extra step of saving the images must be taken in order to save the credit card numbers. The numbers on the images appear like the surrounding text; not saving the images would reduce such thoughtless security risk.
       
    • The file names of the graphics could be temporary. Once the page with the order information is loaded into the browser, the file names can be deleted.
       
    • Because temporary, randomly generated file names are used, image file names from any pages saved to the distributors hard drive could not be used for determining the credit card numbers of other saved pages.
       
  • The distributor could be requested to log off when done. Logging off can delete all information on the secure server related to the retrieved orders.

Currently, there are several dozen replicated sites at essentialoilsrus.com. The implemented solution will work okay when there are several hundred, and even several thousand, replicated sites.

If you're curious about the sites, visit http://essentialoilsrus.com/youngliving

Copyright 2001 William Bontrager
Programmer/Publisher, "WillMaster Possibilities" ezine
http://willmaster.com/possibilities/
subscribe-possibilities@willmaster.com
Business Home Page: http://willmaster.com/