Progress to date
Bowen, Peter
pbowen at aboutws.com
Fri Feb 13 17:28:50 PST 2004
Fellow Freesiders,

I've been working on a few things, and I want to make them available
for review. I'm a little new to Freeside, so if I've made any of the
classic blunders, let me know.

Here's what's new:

Encryption - Alpha - Tested lightly on Postgres
  Files:
    cust_main.pm
    Conf.pm
  To use encryption
    Install the Crypt::OpenSSL::RSA module.
    Increase the size of the payinfo and paycvv in cust_main to
    varchar(256)
    Create a public and private key (1024-bit minimum)
  Configuration
    set encryption
    set the public key
    set the private key
  For those who have everything on the same system, this will
  afford a measure of security (mostly through obfuscation)
  For those who have a different db server this protects
  against a DB compromise
  The safest would be a three box setup...
    1 Database
    2 Web (external) - public key - no private key
    3 Web/billing (internal) public & private
  Bugs
    It uses the cust_main->payinfo accessor - change any
    direct calls to set, setfield, get and getfield to use the accessor.
  Future
    Store the CC mask so that xxxxxx1234 still works w/o
    the private key.
    Password protected private key for an additional
    measure of security.

Modularized Plans - code-review
  Uses Date::Calc - Ivan likes Date::Manip, but it had some problems
  with timezones - May go back to manual calculation if Date::Calc doesn't
  work.
  Files:
    cust_main.pm
    part_pkg.pm
    part_pkg/*
  I still need to make additional changes to cust_main->bill. I'm
  looking for feedback. In addition to the current methods, I'm going to be
  adding methods to calculate remaining value (deferred revenue) and handle
  up/downgrades correctly. Also I'm looking for a good set of test data - or
  somebody who has a good set and doesn't mind testing for me. :)

  NOTE!!!! I may have broken cust_main->bill - please do not run
  these in production! :) You've been warned.

-Peter
<<freeside-encrypt-mod_plan-diff.tar.gz>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeside-encrypt-mod_plan-diff.tar.gz
Type: application/octet-stream
Size: 7699 bytes
Desc: not available
Url : http://420.am/pipermail/freeside-devel/attachments/20040214/74c96d30/freeside-encrypt-mod_plan-diff.tar.obj
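
Added example, not code from the post or from Freeside: a Perl sketch of the public/private key split in the three box setup above, using Crypt::OpenSSL::RSA. The helper names, OAEP padding, base64 storage and the sample card number are assumptions made for illustration; the script also reports the stored length per key size so it can be compared with the varchar(256) column.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use MIME::Base64 qw(encode_base64 decode_base64);

# Hypothetical helper for the external web box: holds the public key only.
sub encrypt_payinfo {
    my ($public_pem, $plaintext) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_public_key($public_pem);
    $rsa->use_pkcs1_oaep_padding;
    # Assumption: the ciphertext is stored base64-encoded on one line.
    return encode_base64($rsa->encrypt($plaintext), '');
}

# Hypothetical helper for the internal billing box: holds the private key.
sub decrypt_payinfo {
    my ($private_pem, $stored) = @_;
    my $rsa = Crypt::OpenSSL::RSA->new_private_key($private_pem);
    $rsa->use_pkcs1_oaep_padding;
    return $rsa->decrypt(decode_base64($stored));
}

my $card = '4111111111111111';    # constructed sample value, not a real card
# Mask kept in the clear so a "last four" display needs no private key.
my $mask = ('x' x (length($card) - 4)) . substr($card, -4);

for my $bits (1024, 2048) {
    # Constructed throwaway key pair; real keys come from the configuration.
    my $pair        = Crypt::OpenSSL::RSA->generate_key($bits);
    my $public_pem  = $pair->get_public_key_string;
    my $private_pem = $pair->get_private_key_string;

    my $stored = encrypt_payinfo($public_pem, $card);
    # RSA ciphertext is as long as the modulus, so the stored length grows
    # with the key size; compare it with the column width before deploying.
    printf "%d-bit key: %d chars stored, varchar(256) %s\n", $bits,
        length($stored), (length($stored) <= 256 ? 'fits' : 'is too small');

    # A box with only the public key cannot recover the card number.
    my $web_only = Crypt::OpenSSL::RSA->new_public_key($public_pem);
    my $leaked   = eval { $web_only->decrypt(decode_base64($stored)) };
    print "  public key only: ",
        (defined $leaked ? "DECRYPTED" : "cannot decrypt"), "\n";

    my $clear = decrypt_payinfo($private_pem, $stored);
    print "  private key:     ",
        ($clear eq $card ? "round trip ok" : "MISMATCH"), " (mask $mask)\n";
}
```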