Peter Schoenster wrote:
> On 16 Jul 98, at 1:01, Jack Killpatrick wrote:
>
> > Peter Schoenster wrote:
> > > I was just working on a script. Here is something:
> > >
> > > open(MAIL,"|$mailprog -t") || &print_error("mail doesn't open");
> > > print MAIL "To: webmaster\@rede.com\n";
> > > print MAIL "BCC: $bcc\n";
> > > print MAIL "Reply-to: $mail_to\n";
> > > print MAIL "Errors-to: $mail_to\n";
> > > print MAIL "From: Web Order <$mail_to>\n";
> > > print MAIL "Subject: Web Order\n\n";
> > > print MAIL <<END;
> > >
> > > Date: $date
> > >
> > > confirmation: $confirmation
> > > id: $id
> > > Cardholder_Name: $Cardholder_Name
> > > Card_Number: $Card_Number
> > > Expiration_Date: $Expiration_Date
> >
> > Ouch. Are you sending credit card info in plain text email? Is
> PGP in the
> > future?
>
> No, no pgp in the future. I know, I know. But you can imagine
> that the people
> I did this for use one of those professional hosting companies
> that do not allow
> for telnet access.
It looks like you are getting a confirmation number. Is that from a
web-based credit card approval process? If so, could you just send
"approved" orders to your customer via email, sans the cc information? I'm
guessing that you don't have a db behind this, since you don't have telnet
access, otherwise maybe an SSL solution would work. If there's no db and
you're using a third-party automatic cc authorization company, I'm guessing
that the third party has an SSL site setup where you can review (or
download) purchase details (including CC numbers), if the need arises.
Jack
____________________________________________________________________
--------------------------------------------------------------------
Join The Web Consultants Association : Register on our web site Now
Web Consultants Web Site : http://just4u.com/webconsultants
If you lose the instructions All subscription/unsubscribing can be done
directly from our website for all our lists.
---------------------------------------------------------------------
