Re: [PHP] Sensitive Information (like CC)
> What's the best (secure?) way of transmitting sensitive information over email?

Leave the messages on the server and get them via pop3s. Outlook is capable of pop3 via ssl.

Best regards
Niklas Neumann

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
RE: [PHP] Sensitive Information (like CC)
> Leave the messages on the server and get them via pop3s. Outlook is capable of pop3 via ssl.

I wouldn't do that - it makes the server a great hack target.

Jason
RE: [PHP] Sensitive Information (like CC)
> What's the best (secure?) way of transmitting sensitive information over email?
> I'm helping some friends build an online order form. They have a Thawte
> certificate and are already using it for the order form, but they would like
> the information to be emailed to them when an order is placed. The problem is,
> the information contains everything, the person's name, address, credit card
> information. Obviously I can't just email this over the ether, so how do
> people deal with this type of stuff?

Use PGP to encrypt the mail.

The web server will need to have a PGP environment set up for the user running the httpd (usually nobody on a Linux box). Thus, PHP can access and execute PGP.

Set up PGP on the recipients' computer. Probably a good idea to make the email address [EMAIL PROTECTED] or sales@, and not an individual user - makes it easier to manage a bunch of people receiving orders.

Export the public key for the recipient's address, and send it to the web server. Have the sysadmin import the public key into the web server's user's PGP keyring with full trust and privileges, as this will stop PGP asking "do you really want to trust this user?" in the middle of a batch process and thus breaking everything.

Once you can PGP encrypt a text file to that public key without having PGP ask for confirmation of anything, you need to hook PHP up to it.

You need the environment variable PGPPATH set, so:

    <?php putenv("PGPPATH=.where_you_installed_the_web_server_users'_pgp"); ?>

Then you can write out the original mail with all the naughty info in it to a file, run PGP over it to produce an encrypted version, delete the original and mail the encrypted version.

Jason
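The procedure described in the message above, as an added example that is not part of the original post: it uses GnuPG's `gpg` rather than the PGP binary the message refers to, and pipes the order text through stdin/stdout so the cleartext is never written to a file. The function name, recipient address and keyring path are assumptions, the recipient's key must already be imported and trusted as the message describes, and array-form `proc_open` needs PHP 7.4 or later.

```php
<?php
// Added example, not code from the thread.
// Assumed: `gpg` is on PATH and $homedir is the web server user's keyring,
// holding the recipient's public key, already trusted.
function encrypt_for_recipient(string $plaintext, string $recipient, string $homedir): string
{
    // --batch/--no-tty: never prompt; an untrusted or missing key becomes an error.
    $cmd = ['gpg', '--batch', '--no-tty', '--homedir', $homedir,
            '--armor', '--encrypt', '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];

    // Array form bypasses the shell, so no argument can be reinterpreted by it.
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }

    // An order mail is small, so the pipe buffers cannot fill and stall.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $cipher = stream_get_contents($pipes[1]);
    $errors = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Fail closed: anything other than a clean armored message is an error.
    if ($status !== 0 || strpos((string) $cipher, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim((string) $errors));
    }
    return $cipher;
}

// Constructed sample order; address and path are hypothetical placeholders.
$order = "Name: Test Buyer\nCard: 4111 1111 1111 1111\n";
try {
    $body = encrypt_for_recipient($order, 'sales@example.com', '/var/lib/www-gnupg');
    mail('sales@example.com', 'New order', $body);
} catch (RuntimeException $e) {
    // Log the gpg error only; never fall back to mailing the cleartext.
    error_log($e->getMessage());
}
```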
Re: [PHP] Sensitive Information (like CC)
Have the email be a "you've got an order" email that has a URL in it which they then can view the order via SSL. That way you don't have to put all the information in the email.

PGP is another option, but I find it beyond the abilities of many winblows users.

--
Aaron Turner [EMAIL PROTECTED]|synfin.net|linuxkb.org URI:www.synfin.net
They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety. -- Benjamin Franklin
pub 1024D/F86EDAE6 Sig: 3167 CCD6 6081 0FFC B749 9A8F 8707 9817 F86E DAE6
All emails by me are PGP signed; a lack of a signature indicates a forgery.
I have retired my PGP 2.6.2 key: FBE1 CEED 57E4 AB80 596E 60BF 451B 20E8

On Mon, 23 Apr 2001, Ashley M. Kirchner wrote:

> What's the best (secure?) way of transmitting sensitive information over email?
> I'm helping some friends build an online order form. They have a Thawte
> certificate and are already using it for the order form, but they would like
> the information to be emailed to them when an order is placed. The problem is,
> the information contains everything, the person's name, address, credit card
> information. Obviously I can't just email this over the ether, so how do
> people deal with this type of stuff?
>
> The server is a unix machine, and they are using winblows to read email.
>
> --
> H | Hi, I'm currently out of my mind. Please leave a message. BP! | ~
> Ashley M. Kirchner mailto:[EMAIL PROTECTED] . 303.442.6410 x130
> Director of Internet Operations / SysAdmin . 800.441.3873 x130
> Photo Craft Laboratories, Inc. . eFax 248.671.0909
> http://www.pcraft.com . 3550 Arapahoe Ave, #6
> Boulder, CO 80303, U.S.A.