[thelist] Collecting secure customer data

martin burns martin at members.evolt.org
Wed Jan 3 08:10:08 CST 2001


At 18:33 28/12/00, Daniel J. Cody wrote:
>Warden, Matt wrote:
>
>>>Here's a creative question.  Using a Unix server running Apache, is there
>>>any way I can collect sensitive customer information without using SSL.  Oh
>>>and I don't have Telnet access either (I know, it's a free service!).
>>>I can use any other common technology (e.g. Java etc.).  I'm thinking
>>>perhaps using a form script that encrypts the data and stores it in a
>>>protected file (?) on the server awaiting download??
>>>Any creative solutions?
>>
>>Well, what do you mean by "secured"? If you are talking about "transmitting"
>>the data from client to server, you really only have SSL to deal with. If
>
>+1

Actually -1 - there are a bunch of ActiveX and Java solutions out there
(eg http://www.brokat.com/), which a whole load of banks are using
(some of them because 128 bit SSL wasn't available outwith the US for
a while).

However, using them will restrict the range of clients which can access
the site, and break the Accessibility of your site in a major way (Rule 1:
Thou shalt not depend on client side scripting of any kind).

Cheers
Martin


________________
Martin Burns, Content Management Consultant
tel: +44 (0)774 063 9985
http://www.evolt.org/user/MartinB/32/evolt.org
http://www.easyweb.co.uk/




