natewong1313 / bird-bot

A Nintendo Switch checkout bot. Currently supports Walmart and Best Buy.
MIT License
1.18k stars, 336 forks

Input and Storage of Payment Card Data is Risky #18

Closed terev closed 4 years ago

terev commented 4 years ago

It is very risky to manage a user's payment card data. There is a large amount of governance around this that should be at least considered here: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard.

At the very least, this project should include a disclaimer of what happens during payment flows and how payment card data is stored. Payment card data should be encrypted at rest. To be read during a transaction, the user should be prompted for the passphrase used to encrypt the data. After use, the data should be wiped from memory.

An attack surface exists here: if this repo were to be compromised, the code could be modified to pass payment card info to the attacker without the user knowing.

natewong1313 commented 4 years ago

I appreciate your concerns, but many of these are unreasonable due to the way the bot functions.

terev commented 4 years ago

@natewong1313 Correct me if I'm wrong, but the user's payment card data is stored in plaintext in a JSON file right now. It's probable that it doesn't have file permissions to prevent other users/groups from reading it. This means other programs could read the user's info in plaintext directly from the file. There is a very real issue here that you have a responsibility to address, considering you have so many users.

terev commented 4 years ago

@natewong1313 Please address at least this ASAP. Also, I just noticed that the data directory is not in a gitignore. This means a contributor could quite easily accidentally commit and push their own payment data to GitHub.
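
The two storage points raised in the comments above (a JSON file readable by other users/groups, and a data directory missing from .gitignore) can be checked and corrected as in this added example, which is not part of the thread or of the bird-bot code. The `data/cards.json` path, the function names and the sample card number are assumptions made for illustration, and the .gitignore check is a simplified one.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

def write_private_json(path, obj):
    """Atomically write obj as JSON, readable and writable by the owner only."""
    path = Path(path)
    # mkstemp creates the file with mode 0600 regardless of the process umask.
    fd, tmp = tempfile.mkstemp(dir=path.parent, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump(obj, fh)
        os.replace(tmp, path)  # swap in place; the old wide-open file is dropped
    except BaseException:
        os.unlink(tmp)
        raise

def exposed_files(data_dir):
    """Names of files under data_dir that group or other users can access."""
    wide = stat.S_IRWXG | stat.S_IRWXO
    return [p.name for p in sorted(Path(data_dir).rglob("*"))
            if p.is_file() and p.stat().st_mode & wide]

def is_gitignored(repo_root, rel_dir):
    """Simplified check: a .gitignore line names rel_dir (no glob or negation)."""
    gi = Path(repo_root, ".gitignore")
    if not gi.is_file():
        return False
    entries = (line.strip().strip("/") for line in gi.read_text().splitlines())
    return rel_dir.strip("/") in entries

def demo():
    """Constructed layout: <repo>/data/cards.json (hypothetical file name)."""
    with tempfile.TemporaryDirectory() as repo:
        f = Path(repo, "data", "cards.json")
        f.parent.mkdir()
        f.write_text('{"card_number": "4111111111111111"}')  # test number, not real
        os.chmod(f, 0o644)  # what a default umask of 022 typically yields
        before = exposed_files(f.parent)
        write_private_json(f, {"card_number": "4111111111111111"})
        after = exposed_files(f.parent)
        ignored_before = is_gitignored(repo, "data")
        Path(repo, ".gitignore").write_text("# local secrets\ndata/\n")
        return before, after, ignored_before, is_gitignored(repo, "data")

if __name__ == "__main__":
    print(demo())
```

Owner-only permissions do not stop other programs running as the same user from reading the file, which is why the issue also asks for encryption at rest.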

natewong1313 commented 4 years ago

That’s valid, thanks for bringing it to my attention. I’ll add encryption when I get a chance.

Ryan-Gross1993 commented 3 years ago

Was this encryption added?