[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: Encrypting entire order file

To: Larry Leszczynski <larryl@furph.com>
Subject: Re: Encrypting entire order file
From: Erik Aase-Remedios <erik@fourfish.com>
Date: Tue, 2 Mar 1999 11:59:55 -0500 (EST)
cc: MiniVend Users List <minivend-users@minivend.com>, John Armstrong <siberian@siberian.org>
In-Reply-To: <Pine.OSF.3.95.990302100016.4267A-100000@josephus.furph.com>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from Erik Aase-Remedios <erik@fourfish.com>     ******

Larry,

I like the simplicity of your solution, as I had tried to encrypt the
whole order (using PGP/MIME) with no success myself.

Won't this leave a security exposure?  As I understand minivend, it uses
EncryptProgram to encrypt the CC as soon as it receives it.  Then when the
order gets built it just includes the encrypted ccinfo. 

Doesn't your solution mean that the ccinfo will be unencrypted in the
session db?

-Erik
I may be wrong.

On Tue, 2 Mar 1999, Larry Leszczynski wrote:

> ******    message to minivend-users from Larry Leszczynski <larryl@furph.com>     ******
> 
> Hi John -
> 
> > So, the question is, does anyone have an orderfile being delivered 
> > that is totally encrypted as one document( not an attachment )?
> > 
> > Actually, the question is, can you share your knowledge with me ? :)
> 
> I have one catalog doing that, which sets:
> 
>   PGP  /usr/local/bin/pgp -feat __ORDERS_TO__ 2>/dev/null
>   EncryptProgram  /bin/cat
> 
> (Honestly, I don't remember why I set EncryptProgram to /bin/cat.
> I think when it was set to pgp, I had pgp-encrypted stuff inside
> pgp-encrypted stuff.)
> 
> The ord/report.html pages looks like:
> ---------------------------------------------
>          Referer: [data session referer]
>      Credit Info: [value mv_credit_card_info]
> [include file="pages/ord/receipt.txt"]
> ---------------------------------------------
> 
> There are no mime tags, it all goes as a single page email.  I took all
> the customer shipping/billing info and item-list tags (initially from the
> demo catalog pages) and put them into ord/receipt.txt.  This gets included
> into both ord/report.html (the emailed part) and ord/receipt.html (the
> onsceen receipt seen by the customer) so I only have to make changes in
> one place to affect both emailed ond onscreen receipts.  The onscreen
> receipt does not include the mv_credit_card_info tag, however.
> 
> 
> 
> Larry Leszczynski
> larryl@furph.com
> --
>   furph, Inc.	WWW/Unix/Windows Solutions	734-513-7763 (voice)
> info@furph.com	   http://www.furph.com		734-513-7759 (FAX)
> 

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: Encrypting entire order file
  - From: Larry Leszczynski <larryl@furph.com>
- Re: Encrypting entire order file
  - From: mikeh@minivend.com

References:
- Re: Encrypting entire order file
  - From: Larry Leszczynski <larryl@furph.com>

Prev by Date: Re: Encrypting entire order file
Next by Date: Re: locales with db
Prev by thread: Re: Encrypting entire order file
Next by thread: Re: Encrypting entire order file
Index(es):
- Date
- Thread