Re: Sending Encrypted Data to an E-mail Account
by diotalevi (Canon) on Jun 21, 2004 at 16:16 UTC
|
| [reply] |
Re: Sending Encrypted Data to an E-mail Account
by hardburn (Abbot) on Jun 21, 2004 at 16:29 UTC
|
We do this all the time where I work. We use Crypt::OpenPGP to do the encryption server-side, then set up each person who needs to process a credit card with GnuPG (using a Win32 frontend called WinPT) and their own key for their e-mail address. You'll need to walk them through the key generation and how to do the decryption (just send a test order). Then give them a little lecture about how to keep the encryption keys secure.
----
send money to your kernel via the boot loader.. This and more wisdom available from Markov Hardburn.
| [reply] |
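The server-side half of the setup described in the post above, as an added example that is not code from the thread or from any poster's site. The keyring path, addresses and order fields are hypothetical; only the recipient's public key is on the server, and a failed encryption aborts rather than mailing plaintext.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Crypt::OpenPGP;
use MIME::Lite;

# Assumptions (not from the thread): keyring path, addresses and order fields.
my $PUBRING   = '/etc/shop/pubring.gpg';  # public keys only; the secret key stays on the recipient's PC
my $RECIPIENT = 'orders@example.com';     # user ID on the key the recipient generated with GnuPG

# Returns ASCII-armoured ciphertext or dies. It never returns the plaintext.
sub encrypt_order {
    my ($order) = @_;
    my $plaintext = join '', map { "$_: $order->{$_}\n" } sort keys %$order;

    my $pgp = Crypt::OpenPGP->new(Compat => 'GnuPG', PubRing => $PUBRING);
    my $armoured = $pgp->encrypt(
        Data       => $plaintext,
        Recipients => $RECIPIENT,   # key lookup fails if the key is missing from the ring
        Armour     => 1,
    );
    # Fail closed: an undefined or unexpected result must stop the mail step.
    die 'Encryption failed, order NOT mailed: ' . ($pgp->errstr || 'unknown error')
        unless defined $armoured && $armoured =~ /^-----BEGIN PGP MESSAGE-----/;
    return $armoured;
}

sub mail_order {
    my ($order_id, $armoured) = @_;
    # Mail headers travel in the clear: keep names and card data out of the Subject.
    my $msg = MIME::Lite->new(
        From    => 'shop@example.com',
        To      => $RECIPIENT,
        Subject => "New order $order_id",
        Type    => 'text/plain',
        Data    => $armoured,
    );
    $msg->send or die "Mail hand-off failed for order $order_id";
}

# Constructed sample order; 4111111111111111 is a standard test card number.
my %order = (name => 'Test Customer', card => '4111111111111111', expiry => '12/06');
mail_order('T-0001', encrypt_order(\%order));
```

The recipient decrypts the message body with GnuPG (for example through WinPT) using the secret key that never left their machine.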
Re: Sending Encrypted Data to an E-mail Account
by derby (Abbot) on Jun 21, 2004 at 17:06 UTC
|
Four steps to Security (or how to be good until your boss loses his Excel spreadsheet by mailing it to his hotmail account for some *sure* work at home).
- Set up your secure server
- Process your data
- Encrypt your data (geez I'm a stats whore).
- Mail it.
Update: Yikes! browser enabled encryption ... don't even try. You're better off doing it at the server. If the boss complains, start throwing words around like fiduciary responsibility.
| [reply] |
|
Well, my main reason for asking all of this is to avoid packet sniffing. How would I get around packet sniffing if the user is sending over name/credit card/etc. initially when they are ordering something?
| [reply] |
|
Secure servers are the *real* way to get around packet sniffing. There are some attempts to do client-side public key encryption via javascript (giyf) but I sure would hate to be on the QA team for something like that.
| [reply] |
|
Re: Sending Encrypted Data to an E-mail Account
by pbeckingham (Parson) on Jun 21, 2004 at 16:16 UTC
|
Using a secure server to capture the details and encrypt them will work for you, but then turning around and emailing the data over a plaintext wire protocol will undo some of that protection.
Is the recipient (boss) email address within your domain, hosted internally, along with your site? I.e., does that email message have to leave the (hopefully) protected confines of your network and venture out into the bad world?
| [reply] |
|
Well, part of the problem is he doesn't have the server set up yet. I've been developing the site on my local host server and he is waiting until I finish everything before he buys the server and sets all of that stuff up. And no, his e-mail is not within our domain and I don't think he would be willing to change because he uses his one e-mail right now for so many clients.
| [reply] |