Decrypting an encrypted credit card number

freshfitz
#1, Dec 15th, 2008
I'm trying to display an encrypted number stored in a SQL database. I have a key stored in my application.cfm, and the number in my database is encrypted. My display code looks like this:

<cfloop query="Get_Orders">
<cfoutput>
<tr>

<td><div class="content_black">#Get_Orders.Credit_Card_Type#&nbsp;</div></td>

<cfset key = #application.key#>
<cfset Cardnum = '#Get_Orders.Credit_Card_Number#'>
<cfset CardDec = decrypt(Cardnum, key)>

<td><div class="content_black">#CardDec#&nbsp;</div></td>
<td><div class="content_black">#Get_Orders.Credit_Card_Month#&nbsp;</div></td>
<td><div class="content_black">#Get_Orders.Credit_Card_Year#&nbsp;</div></td>
<td><div class="content_black">#Get_Orders.Credit_Card_Name#&nbsp;</div></td>
<td><div class="content_black">#Get_Orders.Comments#&nbsp;</div></td>
<td><textarea name="HL_Comments_#Get_Orders.Order_Estimate_ID#" cols="20" rows="5">#Get_Orders.HL_Comments#</textarea></td>
<td align="center"><input type="Checkbox" name="Contacted_#Get_Orders.Order_Estimate_ID#" value="1"<cfif Get_Orders.Contacted IS 1> checked</cfif>></td>
<td><div class="content_black">#Get_Orders.customerNumber#</div></td>
<td><div class="content_black">#Get_Orders.billing_phone#</div></td>
<td><div class="content_black">#Get_Orders.Billing_Email#&nbsp;</div></td>
<td><div class="content_black">#DollarFormat(Get_Orders.invoiceAmt)#</div></td>
<td align="center"><div class="content_black"><input type="Checkbox" name="Processed_#Get_Orders.Order_Estimate_ID#" value="1"<cfif Get_Orders.invoiceProcessed IS 1> checked</cfif>></div></td>

</tr>
</cfoutput>
</cfloop>

freshfitz
#2, Dec 15th, 2008
Well, it turns out that whenever my encrypted string has a " in it, when it gets stored to my SQL database it stops at the ". Is there any way to create the encryption string with no characters?

arrgh
#3, Dec 16th, 2008
Is that a double quote or two single quotes? What syntax are you using to insert the encrypted string into the database?

Side notes:

Since I don't work with cc's I am curious... is it a good idea to actually display the full credit card number on the web page?

<cfset key = #application.key#>
<cfset Cardnum = '#Get_Orders.Credit_Card_Number#'>
<cfset CardDec = decrypt(Cardnum, key)>
This has nothing to do with the problem, but there is no need for those # signs. Just use:

<cfset Cardnum = Get_Orders.Credit_Card_Number>
<cfset CardDec = decrypt(Cardnum, application.key)>

freshfitz
#4, Dec 16th, 2008
Here is the syntax

<cfset string = FORM.numCredit>
<cfset key = ToBase64(BinaryDecode(#application.key#, "HEX"))>
<cfset encrypted = encrypt(string, key)>

Here is the encrypted string:

0U5K" Z7*%U;#T,(/B?GX)0

It will only insert OU5K into the database.

Here is another
0U5[" ZG&$E/&T\8#BOC[(P

my sql table has
OU5[

I also tried

<cfset key = #application.key#>
<cfset Cardnum = '#Get_Orders.Credit_Card_Number#'>
<cfset CardDec = decrypt(Cardnum, key)>

and I still get " in my output


After I get this working, that's my next task: to trim the credit card being displayed on the page to the last 4 numbers.

arrgh
#5, Dec 16th, 2008
Originally Posted by freshfitz:
Here is the syntax
<cfset string = FORM.numCredit>
<cfset key = ToBase64(BinaryDecode(#application.key#, "HEX"))>
<cfset encrypted = encrypt(string, key)>

Are you using cfqueryparam when you insert the value into the database table?

INSERT INTO YourTable ( EncryptedValue )
VALUES
(
<cfqueryparam value="#encrypted#" cfsqltype="( sql type for the column )">
)

freshfitz
#6, Dec 17th, 2008
Here is my insert string

<form action="payments_autopay.cfm" method="post">
<input type="Hidden" name="action" value="confirm">
<input type="Hidden" name="selCreditCard" value="#form.selCreditCard#">
<input type="hidden" name="numCredit" value="#encrypted#">
<input type="hidden" name="selExpMonth" value="#form.selExpMonth#">
<input type="Hidden" name="selExpYear" value="#form.selExpYear#">
<input type="Hidden" name="vcCreditName" value="#form.vcCreditName#">
<input type="Hidden" name="customerNumber" value="#customerNumber#">
<!--- <input type="Hidden" name="orderID" value="#findOrder.Order_Estimate_ID#">
--->
<input type="Hidden" name="comments" value="#form.vccomments#">
<input type="Hidden" name="email" value="#form.email#">
<input type="hidden" name="bill_fname" value="#form.bill_vcfname#">
<input type="hidden" name="bill_lname" value="#form.bill_vclname#">
<input type="hidden" name="Bill_vcAddress1" value="#form.Bill_vcAddress1#">
<input type="hidden" name="bill_vcCity" value="#form.bill_vcCity#">
<input type="hidden" name="bill_vcST" value="#form.bill_vcST#">
<input type="hidden" name="bill_numZip" value="#form.bill_numZip#">
<input type="hidden" name="bill_phone" value="#form.bill_numPhone#">
<tr>
<td colspan="2">&nbsp;</td>
</tr>
<tr>
<td>
<a href="##" onclick="document.forms[0].submit()"><img src="images/button_confirmInfo.gif" width="132" height="18" alt="Confirm Information" title="Confirm Information" border="0"></a><br><br>
<!-- <input type="Submit" name="submitBtn" value="Confirm">
-->
</td>
</tr>
</form>
</table>
</cfoutput>

<!--- </CFIF>
--->
<CFELSEIF isDefined("form.action") and form.action EQ "confirm">
<cfquery name="findOrder" datasource="#request.dsn#">
INSERT INTO HL_OrderEstimates(credit_card_type,credit_card_number,credit_card_month,credit_card_year,credit_card_name,invoiceProcessed,autopay,autopayDate, billing_fname,billing_lname,billing_address1, billing_city,billing_state,billing_zip, billing_phone, customerNumber)
VALUES('#form.selCreditCard#','#form.numCredit#','#form.selExpMonth#','#form.selExpYear#','#form.vcCreditName#', 0, 1,getDate(),'#form.bill_fname#','#form.bill_lname#','#form.Bill_vcAddress1#','#form.bill_vcCity#', '#form.bill_vcST#', '#form.bill_numZip#', '#form.bill_phone#', '#customerNumber#')
</cfquery>

arrgh
#7, Dec 17th, 2008
Try using cfqueryparam on all of the insert values. It works for me with MySQL.

Salem
#8, Dec 17th, 2008
Personally, I'd be worried by how readily reversible the encryption of valuable credit card details appears to be.

hhamdan
#9, Dec 18th, 2008
Look, my friend, I had the same problem and I solved it using this kind of encryption:

<cfparam name="Request.PasswordKey" default="keyyyyyyyyyyyyyy">
<cfset Encrypted = Encrypt(form.number, Request.PasswordKey)>
<cfquery datasource="db">
Insert Into table (field1, field2)
Values
(<cfqueryparam value="#form.na#">, <cfqueryparam value="#Encrypted#">)
</cfquery>

And when you want to decrypt the data, use:

<cfset decrypted = decrypt(fildes, Request.PasswordKey)>

Hope it helps.
Thanks

arrgh
#10, Dec 18th, 2008
Originally Posted by hhamdan:
Look, my friend, I had the same problem and I solved it using this kind of encryption
Encryption was not the problem. It was the lack of cfqueryparam, as I already mentioned.

Though, I agree with Salem about security. If you are storing credit card information, security and encryption should be very tight. If you are not well versed in it or don't have the experience and resources, there are reputable companies that do. Consider the liability if security is poor ..
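
Added example, not code from any poster in this thread: one way to combine the points raised above. It replaces the default encrypt() settings (CFMX_COMPAT with UU encoding, which produces strings like those in post #4) with an explicit AES algorithm and Hex encoding, binds the insert values with cfqueryparam, and masks the number to its last four digits for display. The name application.cardKey and the trimmed column list are assumptions.

```cfml
<!--- Added example; application.cardKey and the trimmed column list are assumptions. --->

<!--- Key: a Base64 AES key created once with generateSecretKey("AES") and loaded
      from protected configuration. It is generated here only so the example is
      complete; a key regenerated at startup cannot decrypt rows stored earlier. --->
<cfif NOT structKeyExists(application, "cardKey")>
    <cfset application.cardKey = generateSecretKey("AES")>
</cfif>

<!--- Explicit algorithm and encoding. "Hex" output contains only 0-9 and A-F, so a
      quote character can never appear in it, whether it lands in an HTML attribute
      or a database column. With no IV argument ColdFusion generates one per call. --->
<cfset algorithm = "AES/CBC/PKCS5Padding">
<cfset pan = reReplace(form.numCredit, "[^0-9]", "", "all")>
<cfset encrypted = encrypt(pan, application.cardKey, algorithm, "Hex")>

<!--- Every value is bound with cfqueryparam instead of being spliced into the SQL. --->
<cfquery datasource="#request.dsn#">
    INSERT INTO HL_OrderEstimates (credit_card_type, credit_card_number, credit_card_name)
    VALUES (
        <cfqueryparam value="#form.selCreditCard#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#encrypted#" cfsqltype="cf_sql_varchar">,
        <cfqueryparam value="#form.vcCreditName#" cfsqltype="cf_sql_varchar">
    )
</cfquery>

<!--- Display: decrypt with the same key, algorithm and encoding, show the last four. --->
<cfquery name="Get_Orders" datasource="#request.dsn#">
    SELECT credit_card_type, credit_card_number
    FROM HL_OrderEstimates
</cfquery>
<table>
<cfoutput query="Get_Orders">
    <cfset cardDec = decrypt(Get_Orders.credit_card_number, application.cardKey, algorithm, "Hex")>
    <cfset masked = repeatString("*", max(len(cardDec) - 4, 0)) & right(cardDec, 4)>
    <tr>
        <td>#encodeForHTML(Get_Orders.credit_card_type)#</td>
        <td>#masked#</td>
    </tr>
</cfoutput>
</table>
```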