-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I work for a company that sends massive amounts of emails. One of our new features is to include a survey in your email message to your subscriber base the results are stored on our server for our customer to download. The forms are POSTed directly from the user's email client. We use the GET method for our forms as POST does not work from most email clients. As such, one of our customers wants to collect payment info from their email survey. We use HTTPS for form submissions so I know the data is secure during transit, however, once the form data is sent to our server, it is logged (via the querystring) into insecure HTTP logs written by IIS. I cannot use active scripting to encrypt the form data on the URL as most email clients (correctly) have scripting disabled. Can anyone think of a creative solution for me? The answer is not to put a link to the survey, we already do that, I have to have the form in the email, or a majority of people will not use it. Also, IIS will not allow me to disable the logging of the querystring, and I really don't want a process that "cleans" the logs, I would rather the data never be written. Also, I use the HTTP logs to provide usage stats to my customer (the email sending co.) so I need to keep them around, I also archive them, for auditing purposes.
advTHANKSance Ben Timby Webexcellence PH: 317.423.3548 x23 TF: 800.808.6332 x23 FX: 317.423.8735 [EMAIL PROTECTED] www.webexc.com -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPX5sw/nby1cCm2Q8EQKODACfQ670QA5Dm5a+2eWjvE+n8jK9rkUAninZ B5BQIQdPaNr4JU3LYLVxngIC =Pw/d -----END PGP SIGNATURE----- --- You are currently subscribed to activeserverpages as: [email protected] To unsubscribe send a blank email to [EMAIL PROTECTED]
