[thelist] Collecting secure customer data

Warden, Matt mwarden at odyssey-design.com
Thu Dec 28 13:17:28 CST 2000


> Here's a creative question.  Using a Unix server running Apache, is there
> any way I can collect sensitive customer information without using SSL.  Oh
> and I don't have Telnet access either (I know, it's a free service!).
>
> I can use any other common technology (e.g. Java etc.).  I'm thinking
> perhaps using a form script that encrypts the data and stores it in a
> protected file (?) on the server awaiting download??
>
> Any creative solutions?

Well, what do you mean by "secured"? If you are talking about "transmitting"
the data from client to server, you really only have SSL to deal with. If
you're not worried about that part, and just want to store the data in a safe
place, you can submit the data via a form POST to a handler script which
appends to a file or other type of datastore. It would be a Good Thing(tm) if
this datastore resided below the SITE ROOT DIRECTORY. So, if your site's root
has a physical path on the server of:

E:/InetPub/sites/k-o/mySite/www/

Then you should store it in something like:

E:/InetPub/sites/k-o/mySite/sensitiveInfo.log


Maybe we can help more if you tell us what kind of information you're talking
about.



--
mattwarden
mattwarden.com





More information about the thelist mailing list