Re: Execute Perl code on CGI submit for credit card encryption

I'd say using SSL is all you need for the initial post from your form. Also, using any type of Javascript encryption is pretty much useless. Anybody could view it and see exactly how you were encrypting the data.

Comment on Re: Execute Perl code on CGI submit for credit card encryption

Replies are listed 'Best First'.
Re^2: Execute Perl code on CGI submit for credit card encryption by sgifford (Prior) on Aug 31, 2005 at 22:11 UTC
If you did public key encryption in JavaScript, you could see how the data was being encrypted and the public key being used, but still couldn't decrypt it without the private key. This is how HushMail.com does client-side encryption, using Java instead of JavaScript. But for this application, SSL is the normal way of doing it, and is probably better unless you have a lot of experience writing encryption software and a penchant for doing things your own way.	[reply]
Re^2: Execute Perl code on CGI submit for credit card encryption by friedo (Prior) on Aug 31, 2005 at 22:11 UTC
I wouldn't say it's useless. In a proper encryption scheme it is assumed that your enemy has full knowledge of the implimentation. I have seen Javascript implimentations of public key systems, which are perfectly secure as long as the private key is secure. Someone looking at the code would still not be able to decipher the transmission unless he somehow got the private key. But in this case, using SSL (which is a public key system!) seems sufficient.	[reply]


P is for Practical
	PerlMonks