On Tue, 08 May 2001 06:09:49 -0400 (EDT), "Larry W. Virden"
<[EMAIL PROTECTED]> wrote:
>I'm rather surprised that I so seldom see someone suggestion using
>one's own public key to encrypt the data, and your private key to
>decrypt the data - are people just not using PGP and the like?
We do exactly that on a subscription site. The client logs into his admin
interface every day (thru SSL of course) and if there are subscriptions due
to be processed, he pastes in his private key (which is meant to be stored
offline on a floppy or something but I doubt he bothers) and the due
subscriptions are batch processed. We rolled our own solution using RSA
(public domain) because PGP was so goddamn expensive. <cfplug> The tag is
available on our website if anyone is interested -
http://developer.perthweb.com.au! </cfplug>.
This could work for refunds if you aren't expecting them to be too often - I
think that you'd want a real live human to be looking over them anyway, just
in case some hacker has found some hole in your system you didn't think of.
It wouldn't work for storing a credit card for future purchases by the user,
but then again I wouldn't want to trust a site that was doing that anyway,
just personally. Maybe this industry has just made me cynical and jaded, who
knows...
K.
______________________________________________________
Kay Smoljak - ColdFusion Developer - PerthWeb Pty Ltd
Internet Solutions for your business!
Level 9/105 St George's Tc - Perth - Western Australia
Ph: (08) 9226 1366 Fax: (08) 9226 1375 Mobile : 0419 949 007
Visit Perth online! : www.perthweb.com.au
Tools for developers: http://developer.perthweb.com.au
-- cfx_pwimageproc: image processing tool
-- cfx_pwcardcrypt: credit card validation and encryption
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
