Assuming you have SSL and if you should since taking Credit Cards you should. Even the host shared certificate would do.
1. Take the details 2. Store encrypted in the database 3. Send email asking customer to process 4. Customer logs in via SSL to get Credit Card details 5. Reminder emails if not viewed 6. Credit card details removed once customer ticks processed. 7. Credit card details are automatically removed from DB after X days This system keeps things very safe, as if the system is compromised then only recent unprocessed transactions are available. Someone might have other options, but the chance of someone 1. Hacking your security 2. Finding unprocessed transactions 3. Working out the encryption key used Is very low IMO. Regards Dale Fraser http://dalefraser.blogspot.com From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Scott Sent: Monday, 25 June 2007 10:04 PM To: [email protected] Subject: [cfaussie] Re: Secure PDF Forms Dale, 1) There is a budget, did not say no budget. 2) I did say this was on a hosted environment, and that I need a quick solution (Subject Title) 3) I should have said userpassword, not username and password (Ooops) I do not have all the answers, and yes I am looking for a quick solution. The more I think about it even the security permissions of cfdocument will not stop anyone from opening the file (from the last time I did this). but considering the PDF is already designed by the client, I was thinking that it would not be hard to modify the details and resend the PDF back to the client. My concerns are security of the Credit Card, and getting this solution up and running. I hadn't tested the cfdocument tag with srcfile, and if this will load a predefined PDF or not. Eitherway the security is in the credit card information that I am trying to obscure, and not store in the DB on the shared hosted servers. On 6/25/07, Dale Fraser <[EMAIL PROTECTED]> wrote: Andrew, If you know all the answers why are you asking? You ask for a solution to a problem and other ideas but don't mention all the limitations. If it's a hosted environment and you have no budget, then the answer is 1) No 2) No 3) No PS: Cfdocument only supports username / password in CF8. Regards Dale Fraser http://dalefraser.blogspot.com <http://dalefraser.blogspot.com/> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Scott Sent: Monday, 25 June 2007 9:32 PM To: [email protected] Subject: [cfaussie] Re: Secure PDF Forms Dale, cfdocument does supprt encryption and username and passwords etc I have used them before. CF8 is not going to be a solution, as this is a shared hosting and needs to be completed by the end of this week. And yes I know that CR would be great, except as I stated this is shared hosting. And I was hoping for an easy solution. The problem is that the website will be redeveloped down the track, this is a once of event and will never be used again and they want it as cheap as possible. Being an Non profit organisation, funds is very limited. On 6/25/07, Dale Fraser <[EMAIL PROTECTED]> wrote: 1) No, PDF supports passwords, but I don't CF supports adding them. 2) Yes CF8 3) Yes CF8 My favourite option would be to (Needs CF8 or a Plugin) Create a PDF, print it to a printer for processing, delete the PDF. As you know Andrew, you could do this with Crystal or CF8 would be even easier just using CFDOCUMENT. Regards Dale Fraser http://dalefraser.blogspot.com <http://dalefraser.blogspot.com/> From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Scott Sent: Monday, 25 June 2007 3:42 PM To: [email protected] Subject: [cfaussie] Secure PDF Forms Can anyone answer this one quickly. I have a client who is looking to add, a one off online registration that will accept credit card information. They will already have a PDF file that can be down loaded, and I was thinking that I could display this to the user on the screen to print or send via email. A couple of things, they are going to process this on a manual basis. And I would prefer to not store any Credit Card info in the database, this is also hosted on a shared hosting server so do not want to go that option. The client mentioned emailing, but I would prefer to not even contemplate that option either. So that leads me back to the PDF, my thinking is that (and I haven't done this, so hoping someone may have) is to utilise their PDF so the user can enter the details, and either print it out or send it on to be processed via email. And secure the PDF from reading without the correct username and password to the PDF. So my question are as follows: 1) Can the PDF be modified by CFMX7.0 to use a username and password and then be emailed to the client. 2) Does the entry of the information into a PDF constitute the need of an SSL in anyway 3) And can there be a button in the PDF to say send to an email address set up the username and password for the PDF. Any other suggestions, that might be a better solution? Andrew Scott Senior Coldfusion Developer Aegeon Pty. Ltd. www.aegeon.com.au <http://www.aegeon.com.au/> Phone: +613 8676 4223 Mobile: 0404 998 273 No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.5.472 / Virus Database: 269.9.6/865 - Release Date: 24/06/2007 8:33 AM www.aegeon.com.au <http://www.aegeon.com.au/> Phone: +613 8676 4223 Mobile: 0404 998 273 www.aegeon.com.au Phone: +613 8676 4223 Mobile: 0404 998 273 --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "cfaussie" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cfaussie?hl=en -~----------~----~----~----~------~----~------~--~---
