[ic] CC Encryption

Michael Baird interchange-users@icdevgroup.org
Tue Jun 11 21:52:01 2002


Yes, but putting a wrapper around it and having it do nasty things is quite
easily done, you see, since the Interchange CGI handles the actual encryption
of the card. In reality, sending the credit card info over the internet is
dangerous business, period. Obviously no one wants to be insecure; however, I
wasn't requesting that this be the de facto standard, just an option, as it
apparently was earlier in the history of Interchange/Minivend. As I said
earlier, I don't need the reasons why it's evil and the like. If you don't
know how to do it, that's fine, say you don't know, or propose a better way
of handling this; I'm all for it. But requiring the customers to install PGP
(if possible) is a sure way to stop this cart from being adopted by all but
the most hardcore geeks (who probably wouldn't need a canned shopping cart in
the first place). Thanks to those who proposed some constructive solutions
and know the realities of dealing with the public.

Regards
MIKE

On Tuesday 11 June 2002 21:47, John Beima wrote:
> It wouldn't matter if they hacked the Interchange server, since it doesn't
> store the CC numbers either. It has been designed NOT to allow this to
> happen, and for good reason...
>
> But hey, if you wish to have the cc companies take legal action against you
> for STUPIDLY and irresponsibly handling cc information.. Since it would be
> YOU held responsible for the negligence...
>
> I bet even your clients would be able to take action against you for being
> the cause of all this as well...
>
>
> John Beima
> jbeima@palb.com, support@alocalagent.com, and support@alocalchurch.com
>
> P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
> 11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6
>
> Affordable Web Pages - Phone: (888)932-9990 - Fax: (256)351-7297
> 2713B Spring Place SW, Decatur, Alabama, United States, 35603
>
> Quoting Michael Baird <mike@tc3net.com>:
> > The customers are already running Windows-based OSes anyway. Anyway, I
> > just asked for the choice, not that it become the de facto standard,
> > because it's what my customers want. A hacker can always break into the
> > server and hack the Interchange CGIs as well; maybe the Perl scripts
> > should be encrypted to stop this. Well, anyway, I wasn't looking for
> > reasons why this shouldn't be done (I'm quite aware of the caveats and
> > all), I just wanted to know if there was an option I missed, or if
> > someone had already patched it to function in the manner customers are
> > accustomed to. If the answer is no, I will patch it myself to function
> > in a way that the customers will best be able to deal with. Talking a
> > few 100 novices through setting up PGP, not to mention those using
> > web-based mail systems, which do not support it, isn't a practical
> > solution in my mind.
> >
> > Regards
> > MIKE
> >
> > On Tuesday 11 June 2002 18:33, Dan Browning wrote:
> > > At 05:09 PM 6/11/2002 -0400, you wrote:
> > > > Does Interchange have the ability to send the credit card number in
> > > > the clear via email with each order, or does someone already have a
> > > > patch to do so? I want to switch over to Interchange for my offering,
> > > > but having the users set up PGP on their machines is probably too
> > > > much to ask, some of them can barely do email at all. I just want the
> > > > option to do it in the clear (this is how my current solution deals
> > > > with it as well).
> > > >
> > > > Regards
> > > > MIKE
> > >
> > > So, someone only has to hack the mail queues on your server, their
> > > client, or listen to ANY tcp-ip point between your server and the
> > > client?  That is like writing the numbers on a postcard and mailing it.
> > >
> > > Knock on wood.
> > >
> > >
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > | Dan Browning, Kavod Technologies <db@kavod.com>
> > > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > > Parts that positively cannot be assembled in improper order will be.
> > >
> > > _______________________________________________
> > > interchange-users mailing list
> > > interchange-users@icdevgroup.org
> > > http://www.icdevgroup.org/mailman/listinfo/interchange-users