0

We are using log4net library for write logs in a file. Actually we have a payment form where we are accepting three fields

  1. Card Holder Name(max length 50)
  2. Card Number(Valid credit card number i.e Master/Visa etc) and
  3. Reference(this is just a text file, max length user can input any string or integer value).

When the user submits these values we log these input (Except card number because we have masked it before storing into the log file) in a file. But because the user can input any string or integer into the reference field so there is a possibility the user can input card number into this field and then it will be written into the log file. So how we can protect this field so users are not able to add a card number into this field? enter image description here

Kristof U.
  • 1,263
  • 10
  • 17
Rakesh Kumar
  • 2,701
  • 9
  • 38
  • 66
  • 3
    How come this is only specific to log4net? – G_S Mar 06 '18 at 06:59
  • 1
    If you feel like sensitive information is being placed in a log file then you probably should encrypt the information using a strong cypher and some salt specific to your application. It shouldn't just be restricted to credit card numbers. – Enigmativity Mar 06 '18 at 07:47
  • So the user can enter the ccn in the name field too, right? Maybe just delete all the digits since they can use several formats. – Marichyasana Mar 06 '18 at 08:10
  • actually, in the name field we are accepting only string, not numeric so user cannot able to add ccn in this field. – Rakesh Kumar Mar 06 '18 at 09:01
  • I assume that `Card Number` cannot be empty. Compare if `Reference` contains `Card Number`. – FCin Mar 06 '18 at 10:18

3 Answers3

1

When the user submits the form, you can validate the input. To check the reference field for credit card information you can use the regex described in the thread Regex credit card number tests.

If it matches the input you can either reject the submission with a warning to the user ("Reference may not contain a credit-card number" etc.) or simply skip the logging of this field. Or you can log it in an anonymous way, such as replacing the part of the input that matches the regex by asterisks (*) and adding a short description to the log message that a credit-card number was replaced.

Kristof U.
  • 1,263
  • 10
  • 17
1

I don't see an actual problem here. A card number is only useful in context. A "Reference" could potentially look like a card number, but not actually be a credit card. You're only obligated to protect credit card numbers stored as credit card numbers, or stored in such a way that it can be surmised they are credit card numbers. The relative rarity that a user might put a card number into the "Reference" field would not allow anyone viewing the logs to surmise that it's definitely a card number.

Still, I'd say your best bet if you want to catch these to is to Luhn-check the fields. If you actually get a pass on the Luhn-check in a field that's not for credit cards, then you can remove it or obfuscate it.

Chris Pratt
  • 232,153
  • 36
  • 385
  • 444
0

If card number is entered in reference then it will be a copy paste mistake (that end user can do). You Can simply check that if the reference contains cardnumber string then throw exception.

If reference and cardnumber both has different valid card numbers. Then it must be data enter by your QA person. Ha ha ha

Deepak Kumar
  • 648
  • 6
  • 14