> Message: 3
> From: "Hosting Sales" <[EMAIL PROTECTED]>
> Subject: RE: [cobalt-developers] SSL on RAQ 4 basic help
> Date: Wed, 21 Nov 2001 10:28:34 -0500
>
> > I'm trying to set up a secure connection for a client who wants users to
> > enter credit card details on a web page and then have these emailed to
> > them.
> > No real On-line payment is happening so my thoughts on how to do this would
> > be to set up a secure connection via SSL and then send the email using
> > APOP.
> > Is this the best way to do this? If so, how do I actually use the SSL on a
> > web page? I know how to activate it on a site, but how do I actually
> > implement it for a particular web page (i.e. the page that has the details
> > entered on to it)?
> >
> > I know this is probably quite basic stuff, but would really appreciate some
> > help.
> >
> > Thanks
> >
> > F.
>
> It is considered very bad form (and misleading) to use a secure site to
> gather confidential information (such as a credit card number) and then
> use a less secure means (such as plain-text email) to forward the
> gathered information over the 'Net to another host. Don't even think
> about doing this unless the email (end to end, not just host to host)
> will use a level of encryption at least as good as that of your web
> server (probably 128-bit). Likewise, don't store the data unencrypted
> in any files on any system, including the secure server and the mail
> server.
>
> When browsing clients see the padlock icon, they have certain
> expectations of information privacy. You may be opening a king-size can
> of worms if you violate those expectations for the sake of expediency.

From reading the user's post, I don't think they were aware of any security vulnerabilities with transferring data via email. They are obviously newbies: "I know how to activate (secure cert) on a site, but how do I actually implement it for a particular web page". So they're looking for guidance.

How do they ensure that the email, too, is secure? Any other suggestions as to how to get this information to the client securely? Fax from the server?

Certainly, I am in absolute agreement that once the credit card info has been transferred it should be immediately removed from the server (an email can sit in a pop account for days, a fax could be sent daily or hourly with credit card info deleted on confirmation of receipt by the facsimile machine).

Warmest regards,

Lee Dale
President
Smack Inc.
416.440.4246 Telephone
416.440.1230 Facsimile
www.smackinc.com

Clear. Concise. Communication solutions from Smack Inc.
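
One way to get the end-to-end encryption the thread asks about, shown as an added example that is not part of the original messages: the web server encrypts the form data to the merchant's S/MIME certificate with the `openssl` command line before mailing it. The addresses, file names, throwaway certificate and card number below are constructed for the demo.

```shell
#!/bin/sh
# Added example: encrypt form data to the merchant's S/MIME certificate on the
# web server, so the mail carries only ciphertext end to end.
# All names, addresses and the card number are constructed for the demo.

# Stand-in for the merchant's real S/MIME certificate: a throwaway key pair.
# In practice only the certificate lives on the web server; the key never does.
make_recipient() {   # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=orders@merchant.example" \
        -keyout "$1/merchant.key" -out "$1/merchant.crt" 2>/dev/null
}

# Web server side: form data on stdin, complete S/MIME mail on stdout.
# -binary keeps the bytes exact; pipe the result to "sendmail -t" to send it.
encrypt_order() {    # $1 = recipient certificate
    openssl smime -encrypt -aes256 -binary \
        -from "www@shop.example" -to "orders@merchant.example" \
        -subject "New order" "$1"
}

# Merchant side: S/MIME mail on stdin, original form data on stdout.
decrypt_order() {    # $1 = private key, $2 = certificate
    openssl smime -decrypt -inkey "$1" -recip "$2"
}

# Round trip: returns 0 only if the mail hides the card number and the
# merchant recovers the exact data.
roundtrip_ok() {
    dir=$(mktemp -d) || return 1
    order='name=F. Example&card=4111111111111111&exp=12/02'   # constructed
    make_recipient "$dir" &&
    printf '%s' "$order" | encrypt_order "$dir/merchant.crt" > "$dir/mail.eml" &&
    ! grep -q 4111111111111111 "$dir/mail.eml" &&
    [ "$(decrypt_order "$dir/merchant.key" "$dir/merchant.crt" < "$dir/mail.eml")" = "$order" ]
    rc=$?
    rm -rf "$dir"
    return $rc
}

roundtrip_ok && echo "mail is ciphertext only; merchant can decrypt"
```

Because the data is encrypted before it is written anywhere, nothing readable sits in the mail spool or POP account; the To, From and Subject headers remain visible in transit.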
