[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [mv] report flexibility?
****** message to minivend-users from Ryan Hertz <rhertz@gyb.baits.com> ******
At 02:04 PM 5/23/00 , you wrote:
>****** message to minivend-users from "Ron Phipps"
><takedown@cdsnet.net> ******
>
>Hey Burnie,
>
>I contemplated doing a similiar thing with our orders.... to keep the
>results in a centralized placed that could be viewed by multiple employees
>or by the hosting company (to track down errors). The conclusion I came to
>is that it is definitely do-able but that you will still need to use
>encyrption on the credit card information. The reason being is that if you
>write the information in clear text to a file it can be viewed by someone
>that breaks into the server or finds a way to view the secure area without
>knowing the password. You are putting the customers credit card numbers at
>risk to being used illegally. It would be possible for you to write the
>encrypted CC to disk then when the user opens the html page they can copy
>the text into PGP and view the CC info. This would also require a private
>and public key that was accessible to multiple users (anyone that would be
>viewing the restricted area)
If Minivend writes the file (with tag log) the minivend user will be the
owner, with the permissions (by default) locking out a user such as
"nobody" (Apache, others). In this fashion, only Minivend (or the Mv user)
can view the files. This, in itself, provides a small level of
security. I would also recommend using your secure server (SSL) to
retrieve these files. Even with PGP encryption on the CC number, I would
hope that your customers' personal information (phone, address, purchase
history) be secured.
>Good luck!
>-Ron
>
>
>-----Original Message-----
>From: Burnie Vincent <wangcomputers@hotmail.com>
>To: minivend-users@minivend.com <minivend-users@minivend.com>
>Date: Tuesday, May 23, 2000 1:27 PM
>Subject: [mv] report flexibility?
>
>
> >****** message to minivend-users from "Burnie Vincent"
><wangcomputers@hotmail.com> ******
> >
> >Hello All,
> >
> >I'm looking into the possibility of sending the Order Report to a flat
> >text file (tab or comma delimited) and appending the order to it, instead
> >of having it sent out as email. Then have this information displayed
> >as a password secured HTML page in a directory near the rest
> >of the MV pages... Wouldn't this also bypass the need for PGP encryption.
> >
> >P.S. I'm sure this is common practice, although I didn't see this in the
> >docs.
> >
> >
> >
> >
> >
> >btw... This is on a RH6.1 Box w/mySQL
> > perl 5.005_03, and MV4.04
> >
> >
> >Bernie Vincent
> >Web Developer
> >Wang Computers
> >________________________________________________________________________
> >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
> >
> >-
> >To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
> >email with 'UNSUBSCRIBE minivend-users' in the body to
>Majordomo@minivend.com.
> >Archive of past messages: http://www.minivend.com/minivend/minivend-list
> >
>
>-
>To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
>email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
>Archive of past messages: http://www.minivend.com/minivend/minivend-list
Ryan Hertz tel 800-645-BAIT
Webmaster fax 520-645-2588
Advertising Director http://yamamoto.baits.com
Gary Yamamoto Custom Baits, Inc. http://www.insideline.net
-
To unsubscribe from the list, DO NOT REPLY to this message. Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list
