[thelist] sensitive info and security

evolt at zamba.com evolt at zamba.com
Sun Feb 2 18:56:01 CST 2003


thelist-admin at lists.evolt.org wrote:
> David Treves wrote:
> I am working on a web site where I should retrieve credit card
> numbers from clients of the site and pass them to the site
> administrator for manually charging the client.
<snip>
> Get a PGP public key from the client and use http://www.gnupg.org/ to
> encrypt the data and store it. I've just whacked some code together
> based on a process I use on onlinesales.
<snip>
>Kind regards, Liam Delahunty

I just had this problem (earlier discussion on list), and Erik suggested
sending notification emails with a secure area on server where the
client could retrieve information online.

As a short term fix I have installed PGP on my own computer (it's a
facility offered by my virtual host, a simple matter of uploading your
public key to the server). It's probably the same system referred to
above. Of course, it has the drawback that you have to get a public key
from your client if you want the emails to go straight there. In my
case, none of the clients involved have a public key, etc., and they are
all internet/computer challenged, so Erik's original idea has its
attractions. All the more so because of the clauses in merchant
contracts re secure transmissions (at the moment I'm transmitting the
info via fax to the final destination!).

Tony Page

      [ZambaGrafix]
   <websites that work>
tel: +61 2 9953 4425
fax: +61 2 9909 8534
email: ajp at zambagrafix.com
http://www.zambagrafix.com




