· 6 years ago · Jan 22, 2020, 06:40 PM
Encryption at Rest for WHMCS
Has anyone successfully been able to configure encryption at rest for their WHMCS installations? With the growing number of data breaches, and WHMCS's knack for storing things in plain text, we are considering adding additional security to our systems but are afraid that E@R will break WHMCS. Has anyone successfully implemented this and if so, how has your success been with it? Any issues with WHMCS not playing well?
TIA!
Agent Black Hosting LLC
Check us out on Facebook!
Proudly hosting clients since 2007
What are you trying to encrypt?
- Passwords.
- Personal Information.
- Protocol (HTTP)

It would be difficult to add encryption/decryption at the software level, as we don't have access to the WHMCS software; the source code is obfuscated.
The rest is security hardening, which you can perform at server level (database, web).
Ahmed Kamil, SonicACE Solutions
Premium Windows Hosting - Affordable Vmware Cloud Servers - SaaS Reseller Hosting Solutions
MS Exchange, Lync, Sharepoint
This would be best as a first party feature as they would be able to ensure everything is properly encrypted and decrypted, as data would need to be rapidly encrypted and decrypted to allow the app to function (e.g. create invoices, allow signups, allow customers to update info, search customer invoices, services, etc.). To ensure the key is not readable by just looking at files or memory, a TPM and potentially an HSM should be used to help ensure secure storage, loading and unloading of crypto keys.
You really need to know what you're wishing to encrypt and, in addition to this, know the caveats of the encryption. As an example, if you are wanting to encrypt all user information at the database level then you're no longer going to have the same search capability in MySQL.
If you really need this encrypted then we're going to be talking about changing the requirements as well as maybe using CryptDB in order to still be able to perform SQL queries against the data. WHMCS already encrypts the most important information (passwords, credit cards, API keys, etc.) and beyond that you are going to severely limit the usability if you go further. You can of course do encryption at the file system level, but that is about protecting cases where the drives are taken, not about the underlying applications.
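
The search caveat raised in the post above, shown as an added example that is not part of the thread and not WHMCS code: with randomized column encryption an equality query on the ciphertext finds nothing, and a keyed-hash "blind index" column (a simpler technique than CryptDB, swapped in here) brings back exact-match lookups only. Assumptions: SQLite stands in for MySQL, the HMAC-SHA256 counter-mode keystream is a stdlib stand-in for a real AEAD such as AES-GCM, and the `clients` table, its columns and the sample e-mail addresses are constructed.

```python
import hashlib, hmac, os, sqlite3

ENC_KEY = os.urandom(32)   # constructed keys; in practice they live outside the database
IDX_KEY = os.urandom(32)

def _keystream(nonce: bytes, n: int) -> bytes:
    # Stdlib stand-in for a real AEAD cipher: HMAC-SHA256 in counter mode.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(text: str) -> bytes:
    nonce = os.urandom(16)                 # fresh nonce: equal inputs differ on disk
    data = text.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body)))).decode()

def blind_index(text: str) -> str:
    # Keyed hash of the normalised value; supports exact-match lookups only.
    return hmac.new(IDX_KEY, text.strip().lower().encode(), hashlib.sha256).hexdigest()

def build_db(emails):
    # Hypothetical table layout, not the WHMCS schema.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clients (id INTEGER PRIMARY KEY, email_enc BLOB, email_idx TEXT)")
    db.executemany("INSERT INTO clients (email_enc, email_idx) VALUES (?, ?)",
                   [(encrypt(e), blind_index(e)) for e in emails])
    return db

def search_ciphertext(db, email):
    # An unmodified WHERE clause ends up comparing against a different ciphertext.
    return db.execute("SELECT id FROM clients WHERE email_enc = ?", (encrypt(email),)).fetchall()

def search_blind_index(db, email):
    rows = db.execute("SELECT email_enc FROM clients WHERE email_idx = ?", (blind_index(email),))
    return [decrypt(r[0]) for r in rows]

EMAILS = ["alice@example.com", "bob@example.net", "carol@example.org"]  # constructed sample data

if __name__ == "__main__":
    db = build_db(EMAILS)
    print("ciphertext equality:", search_ciphertext(db, "alice@example.com"))
    print("blind index, full value:", search_blind_index(db, "alice@example.com"))
    print("blind index, partial value:", search_blind_index(db, "alice"))
```

Partial-match and range searches still need the plaintext, which is the usability cost the post describes.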
You are in over your head.

Encrypting your database won't help if your end points are vulnerable. Seeing WHMCS is a simple 1-1 direct connection to the database, I'm not sure at which point you can insert encryption and make it be secure.

The hacker can simply run the API and voila... everything there!

GetClients
Has anyone successfully been able to configure encryption at rest for their WHMCS installations? With the growing number of data breaches, and WHMCS's knack for storing things in plain text, we are considering adding additional security to our systems but are afraid that E@R will break WHMCS. Has anyone successfully implemented this and if so, how has your success been with it? Any issues with WHMCS not playing well?

TIA!
VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
RTMP/HLS - VPS - Dedicated | Providing Customer First Web Hosting since 2003 ~ Premium Hosting in Toronto, Canada ~ 151 Front Street
Off the wall suggestion...

But maybe, don't use a public facing billing system?

Set up a Linux box in your office and run a billing system off of it. Firewall off your internal network from the WAN side of your connection.

Sure, you can't access the billing system from outside of your office. And you probably won't be able to use WHMCS in such a setup. But if security is paramount, wouldn't this be the better solution?
I believe there was one hosting company here before that created their own forms and stuff for the frontend and used the WHMCS API to get the data.

That will probably be easier than encrypting the WHMCS database.

Originally posted by SPaReK:
Off the wall suggestion...

But maybe, don't use a public facing billing system?

Set up a Linux box in your office and run a billing system off of it. Firewall off your internal network from the WAN side of your connection.

Sure, you can't access the billing system from outside of your office. And you probably won't be able to use WHMCS in such a set up. But if security is paramount, wouldn't this be the better solution?
VimHost >> 30 Days Backup | cPanel + LiteSpeed + JetBackup | DMCA FREE!
RTMP/HLS - VPS - Dedicated | Providing Customer First Web Hosting since 2003 ~ Premium Hosting in Toronto, Canada ~ 151 Front Street
Thanks all for the thoughts and comments. Mainly what we were considering is fully encrypting the database information. While the end points are as secure as we can make them without yanking the network cable, we were hoping to add an additional layer of protection to the data. You all have given us much to consider, thank you.
Agent Black Hosting LLC
Check us out on Facebook!
Proudly hosting clients since 2007
Well, the issue is going to be, even if you encrypt the database as it is stored... WHMCS is going to have to be able to decrypt it. Which means the key to do such will have to exist within the WHMCS installation somewhere. So if someone hacks into your WHMCS installation... regardless of how the database is encrypted... the key will be there in the WHMCS installation, so they would be able to decrypt the database.
If WHMCS isn't decrypting the information in the database, then users are just going to get gobbledygook when they look at the data retrieved from the database.