We are going to be using SQL Server 2005’s encryption mechanism to encrypt sensitive information, such as credit card data. We’re going to be running the remoting portal in a separate process – perhaps even on a different box from the web servers – the app server’s remoting portal will run under credentials that have the ability to decrypt the data in SQL Server before returning it to the web servers.
We want to ensure that the actual credit card number is never, never returned back to the client-side code running on the web servers. This is simple enough – during the DataPortal_Fetch(object criteria) method, we just make sure that the actual card number is either a) never loaded or b) set to string.Empty or some other value. But, we still need to be able to actually work with the credit card number itself within the context of the server-side app server code.
My question is this: Is there a way to detect that a method, such as DataPortal_Fetch() is being called from the client code so that we can prevent the sensitive information from being returned? If not, another easy way would be to have another “non-remoting” method to Fetch/Load/Retrieve the data in order to provide it to another object running on the app server. But the problem there is that a really good hacker could analyze the client assemblies and then potentially upload his own new assemblies that made a call to our private load method which would then return the sensitive data.
The only other potential solution that I can think of would be to have a method that doesn’t actually return anything – except perhaps a Boolean or something – that performs all the processing necessary on the card, such as submitting it to a payment gateway, etc.
Granted, this whole situation is very hypothetical and one could say that it’s almost academic because maybe a hacker would just give up and move on – but the whole point of these security measures is to protect the data, so why not accomplish that end?
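The post describes storing the card number with SQL Server 2005's encryption, letting the web tier's fetch path never load it, and giving only the app server the ability to decrypt it. The T-SQL below is an added example, not code from the original post or from the CSLA framework; it shows one way to enforce that split in the database itself, so that it holds even if client-side code on a web server calls a load method it was not meant to call. All names (the CardVault table, CardCert, CardKey, WebTierRole, AppServerRole and the three procedures) are assumptions chosen for illustration, and the master key password is a placeholder.

```sql
-- Added example (constructed names): column-level encryption in SQL Server 2005
-- with separate database roles for the web tier and the app server.

-- One-time setup by a DBA. The symmetric key is protected by a certificate,
-- so whoever can use CardCert can open CardKey.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-dba-password-placeholder>';
CREATE CERTIFICATE CardCert WITH SUBJECT = 'Protects the card symmetric key';
CREATE SYMMETRIC KEY CardKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CardCert;
GO

CREATE TABLE dbo.CardVault (
    CardId        int IDENTITY PRIMARY KEY,
    CustomerId    int NOT NULL,
    LastFour      char(4) NOT NULL,        -- plain text, safe to show to the web tier
    CardNumberEnc varbinary(256) NOT NULL  -- EncryptByKey output; only the app server decrypts it
);
GO

CREATE ROLE WebTierRole;    -- database principal used by the web servers' fetch path
CREATE ROLE AppServerRole;  -- database principal used by the app server's charge process
GO

-- Storing a card: the key must be opened in the session that encrypts.
CREATE PROCEDURE dbo.usp_StoreCard @CustomerId int, @CardNumber nvarchar(19)
AS
BEGIN
    OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
    INSERT dbo.CardVault (CustomerId, LastFour, CardNumberEnc)
    VALUES (@CustomerId, RIGHT(@CardNumber, 4),
            EncryptByKey(Key_GUID('CardKey'), @CardNumber));
    CLOSE SYMMETRIC KEY CardKey;
END
GO

-- What the web tier is allowed to read: the ciphertext column is not even selected,
-- so a DataPortal_Fetch that calls this cannot load the real number.
CREATE PROCEDURE dbo.usp_GetCardSummary @CustomerId int
AS
    SELECT CardId, LastFour FROM dbo.CardVault WHERE CustomerId = @CustomerId;
GO

-- What only the app server may read, inside the operation that charges the card.
CREATE PROCEDURE dbo.usp_GetCardForCharge @CardId int
AS
BEGIN
    OPEN SYMMETRIC KEY CardKey DECRYPTION BY CERTIFICATE CardCert;
    SELECT CardId,
           CONVERT(nvarchar(19), DecryptByKey(CardNumberEnc)) AS CardNumber
    FROM dbo.CardVault WHERE CardId = @CardId;
    CLOSE SYMMETRIC KEY CardKey;
END
GO

GRANT EXECUTE ON dbo.usp_GetCardSummary   TO WebTierRole;
GRANT EXECUTE ON dbo.usp_StoreCard        TO AppServerRole;
GRANT EXECUTE ON dbo.usp_GetCardForCharge TO AppServerRole;
-- Opening CardKey requires these two permissions; WebTierRole never receives them,
-- so OPEN SYMMETRIC KEY fails for the web tier's connection even if it somehow
-- reaches usp_GetCardForCharge or the CardNumberEnc column.
GRANT VIEW DEFINITION ON SYMMETRIC KEY::CardKey TO AppServerRole;
GRANT CONTROL ON CERTIFICATE::CardCert TO AppServerRole;
GO
```

With this layout the web servers connect as a login mapped to WebTierRole and the app server's remoting host as a login mapped to AppServerRole, which is the "credentials that have the ability to decrypt" from the post. The charge operation on the app server calls usp_GetCardForCharge, submits the number to the gateway, and returns only a Boolean or a result code, matching the "method that doesn't actually return anything" idea; the plaintext number never needs to be a property on the business object at all.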
Copyright (c) Marimer LLC