[thelist] Collecting secure customer data

Steve Cook sck at biljettpoolen.se
Fri Dec 29 01:42:08 CST 2000


I think what you may be looking for is something like this
http://pajhome.org.uk/crypt/md5/md5src.html
MD5 JavaScript. I thought this may have been the answer to your problem, but
after looking at the site for a while I realised that MD5 is a one-way hash.
That means that you can encode things with it, but you can't decode them.
Why would that be useful? Well, you can use it for passwords for instance.
You encode the password, submit it to the database and there it stays in a
non-readable form. When a user wishes to use the site, they send their
password which is encoded in the same way. If this matches the original they
are in, otherwise it's the wrong password.

What you *can't* use this for is to encode information in a way that you can
decode it later. There you need something like SSL or PHP. As others have
mentioned you could collect data unencrypted and then encode it on the
server (using PHP for instance) so that it can be downloaded/sent from the
server for later use. 

I would suggest that unfortunately a free hosting resource isn't the best
place to host a website dealing with sensitive personal information. Their
support and security concerns are more than likely not going to be taken as
seriously as on a paid-for server where customers are likely to complain
loudly if there is a problem.

All the best

.steve


----------------------------------
   WapWarp - http://wapwarp.com
 Wap-Dev - http://www.wap-dev.net
 Cookstour - http://cookstour.org
----------------------------------

> -----Original Message-----
> From: Paul [mailto:paul.fisher at bushwhacker.co.uk]
> Sent: den 28 december 2000 17:39
> To: thelist at lists.evolt.org
> Subject: [thelist] Collecting secure customer data
> 
> 
> Hope everyone's enjoying the calm before the NewYearsEve storm.
> 
> Here's a creative question.  Using a Unix server running Apache, is there
> any way I can collect sensitive customer information without using SSL.  Oh
> and I don't have Telnet access either (I know, it's a free service!).
> 
> I can use any other common technology (e.g. Java etc.).  I'm thinking
> perhaps using a form script that encrypts the data and stores it in a
> protected file (?) on the server awaiting download??
> 
> Any creative solutions?
> 
> Paul
> 
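
An added example (not part of the original message or of the linked MD5 script) of the distinction drawn in the reply above: a one-way hash for password checks versus reversible encryption for form data that has to be read after download. It assumes Node.js with its built-in crypto module, substitutes salted scrypt for bare MD5, uses constructed function names and sample data, and covers data at rest on the server only, not the form submission in transit.

```javascript
// Added example (Node.js, built-in crypto only); names and sample data are constructed.
const crypto = require('crypto');

// One-way: store salt + derived key, never the password. Uses scrypt with a
// per-user salt rather than bare MD5, which is too fast for password storage.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return salt.toString('hex') + ':' + key.toString('hex');
}

// Login check: re-derive with the stored salt and compare in constant time.
function verifyPassword(password, stored) {
  const [saltHex, keyHex] = stored.split(':');
  const expected = Buffer.from(keyHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected);
}

// Two-way: the server holds only the public key, so a stored record can be
// read only by whoever holds the private key (kept off the server).
function sealRecord(publicKeyPem, plaintext) {
  const aesKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' }, aesKey);
  return { wrappedKey, iv, tag: cipher.getAuthTag(), body };
}

// Run by the site owner after download, with the private key.
function openRecord(privateKeyPem, rec) {
  const aesKey = crypto.privateDecrypt(
    { key: privateKeyPem, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' }, rec.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, rec.iv);
  decipher.setAuthTag(rec.tag); // decryption fails if the record was altered
  return Buffer.concat([decipher.update(rec.body), decipher.final()]).toString('utf8');
}

// Constructed demo data.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const stored = hashPassword('correct horse');
const sealed = sealRecord(publicKey, 'name=Example Customer;phone=555-0100');
console.log(verifyPassword('correct horse', stored), openRecord(privateKey, sealed));
```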
