You are viewing this forum as a guest. Login to an existing account, or create a new account, to reply to topics and to create new topics.
I have a client that has three separate stores. They use an old yahoo widgit for decrypting their offline credit card data. The third store, they are just beginning to actually use. They got the first order using offline credit card and the old decryption tool does not work. I went in to the config.php file in the /ccp8-private and changed the info for $config['core.cryptkey'] = to the same as it is on the otehr two websites, but it still does not seem to work.
First, is there something else I would need to do? Seems like there should be an easy way to reset the encrpyt key. Running the installer does not bring it back up. Is there a place within the admin area t oreset it that I can not find?
Second, do you offer a better up to date tool for doing this?
Offline
As I posted, they have three stores. All different, but two use the same key, the third one needs to be the same as the first two other wise they have to keep changing the widget back and forth.
Why was it not a good idea? it now works, as when tested, they tested it on a new computer that did not have the key set up in the widgit. when testing on the machine they usually use to decrypt, it now works.
Offline
Why was it not a good idea?
Every bit of data that gets encrypted by the software uses that key. Which means you have data already in your system that used the old key. Things like processing gateway passwords, realtime shipping access info, etc. So you may have fixed your ability to decrypt this data, but this change basically made every bit of stored sensitive data in your install un-encryptable.
Furthermore, I hope you are aware the processing method you're using is not recommended for use in any type of production environment at all. So much so that it's been completely removed from K9. We can't recommend strongly enough that you abandon this methodology for processing cards, and use a real processing gateway that provides your sites the security they require in this day and age, and that puts somebody else on the hook (the processor) in the event there's a security-related problem.
Offline
Good info. As for the other things that may have been encrypted, the software had never been used as a store just a website. It was just being opened up as a store so there was really no data yet to have been encrypted. I'll confer with the site owner on your suggestions on not using this method any longer.
Offline