#43, 04-04-2010, 03:20 AM
cautious (Advanced Member; Join Date: Oct 2003; Location: FL, US; Posts: 64)

Re: Displaying customer passwords to admin

1++
It is worrisome that some people are justifying this mod with "...because users have problems with their passwords, therefore the admin needs to see their [users'] passwords to go in to help them modify their profiles..."

In other words, convenience is placed ahead of security. Imagine if BOA [Bank of America] had similarly functioning software and BOA admins insisted on mods that would display customers' passwds in order to be able to help those customers! No one would want that and, certainly, the responsible Federal authority would not certify such a software suite.

2++
It appears that QT shares some of the blame for this problem. Although it can still be defeated just like anything else, at least QT should implement one-way hash functionality on the front end [client side] so that only the hash of the user's passwd gets transported via the SSL channel and gets saved by the time it reaches the server side. In this case, the admin will not be able to see the actual passwd unless she resorts to brute force, since she would still have access to the hash value on the server. On the other hand, if someone then creates a mod on the client side to either disable the client-side passwd hashing functionality or save an un-hashed copy of the customer's passwd, the whole world, especially diligent QSAs, will be able to more easily flag such sites as in blatant violation of basic security and basic PCI compliance principles. Security experts have consistently emphasized that there is no perfect security if the system is to be conveniently useful and that sensible security is a balance between security and convenience. So I urge QT to look into this problem and implement a solution such as putting the hashing functionality on the client side.

3++
In this connection, I have also seen some policies in which merchants claim/guarantee security because, although they save both CC numbers and the corresponding CVV codes, they delete all credit card information from their servers after 30 days. I hope you don't operate this way. The CVV code and the CC number should not be saved together, as you do not need the info after the authorization and as long as the authorization is valid. The merchants that save them claim convenience because they need the CC info to process returns or to charge the customer the extra due to the difference between the returned and substituted item in case of exchanges.

4++
By the way, in the current design, a mod is not needed for an admin to see a customer's passwd value. Just install the webdev plug-in into Firefox (FF). Then log in as admin and bring up the customer's profile. Scroll down to the passwd section. Verify that it is masked, displaying as dots. Then (since you've installed the appropriate webdev FF plugin) reveal the passwd by clicking FF's Forms > Show Passwords. Voila! The passwd is exposed.
__________________
Recommend www.paintball-gear-supplies.com for good deals on camping & outdoor supplies.
x-cart v4.1.10 on LAMP
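The outcome this post asks for, an admin screen that can only ever show a hash and a profile form that a browser's "show passwords" toggle cannot unmask, is what server-side salted hashing gives you. The following is an added example, not code from this thread or from X-Cart; the in-memory `USERS` store and the helper names are hypothetical.

```python
import hashlib
import hmac
import html
import os

# Hypothetical in-memory user store: login -> {"salt": bytes, "hash": bytes}.
# The plaintext password is never stored anywhere.
USERS = {}
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (OWASP 2023 guidance)


def _derive(password: str, salt: bytes) -> bytes:
    """One-way, salted, deliberately slow derivation of the stored verifier."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(login: str, password: str) -> None:
    """Keep only a random per-user salt and the derived hash."""
    salt = os.urandom(16)
    USERS[login] = {"salt": salt, "hash": _derive(password, salt)}


def verify(login: str, password: str) -> bool:
    """Login check: re-derive and compare in constant time."""
    rec = USERS.get(login)
    if rec is None:
        _derive(password, b"\x00" * 16)  # same cost for unknown users (no timing oracle)
        return False
    return hmac.compare_digest(rec["hash"], _derive(password, rec["salt"]))


def admin_profile_view(login: str) -> dict:
    """Everything an admin screen is allowed to show: the verifier, never the secret."""
    rec = USERS[login]
    return {"login": login, "salt": rec["salt"].hex(), "password_hash": rec["hash"].hex()}


def profile_form_html(login: str) -> str:
    """Edit form: the password input is rendered EMPTY, so there is nothing to unmask.
    A blank submission means 'keep the current password'; a new value is re-hashed."""
    return (
        '<form method="post">'
        f'<input name="login" value="{html.escape(login)}">'
        '<input type="password" name="new_password" value="" '
        'placeholder="leave blank to keep current">'
        "</form>"
    )
```

Contrast this with a form that pre-fills `value="..."` on the password input: masking is then purely cosmetic, which is exactly what the Forms > Show Passwords step in the post demonstrates.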