[ic] Encryption not needed?

Kevin Walsh kevin at cursor.biz
Wed Dec 17 13:38:28 EST 2003


> Installed Interchange 4.8.7 several weeks ago
>
Tut tut - you should have started with 4.9.9 to ease the migration to
5.0.0 and to make use of all of the wonderful facilities you're missing
out on. :-)

>
> and finished redesigning the
> user interface (using the foundation demo); templates, pages, databases,
> etc. The site was built for a customer who sells supplies to hospitals,
> hmos, etc. Originally it was meant to be open to the general public
> however things have changed (who could have guessed) and the site will be
> accessed via password only by one of their clients that has several dozen
> "centers" that supply their own customers throughout the US. Each
> "center" will username/password access. There will be no payments or
> payment information given since purchases will be billed as a "AR"
> account. Encryption isn't necessary (or is it?). After the "center"
> employee (customer) logs in, all the shipping and account information
> will be pre-populated in the data/forms displayed on the pages, though
> not changeable/editable (by the "center" employee). The Order Number will
> be formatted to include the date,time,and "center" code, i.e. Order
> Number: 12160314-539. 
> 
> The newbie questions are as follows:
> 
> 1. Since encryption isn't needed, is there simple way to by-pass the
> security-specific functions? 
> 2. Can I reformat the order number as specified?
> 3. How do I set the "demo" site live without encryption enabled?
> 
When you say "encryption", I'll assuming you're talking about PGP/GnuPG
rather than HTTPS/SSL.

Encryption is only required when emailing credit card details around,
for obvious reasons.  If you don't collect/email credit card information,
or other sensitive details, then you don't need PGP/GnuPG encryption.

In this case, you can switch it off by setting "EncryptProgram" to
"none" in your catalog.cfg file.  Obviously, with this disabled, if
you do attempt to email credit card details around then you will
see messages like "NEED ENCRYPTION ENABLED" in your emails.

As for the order numbers, why not simply store all of the information
(date/time, centre number and sequential order number) as separate
columns when the order is placed?  The columns can then be formatted
in any way you like in the emails and in any reports etc.

Having an order number of "12160314-539", as specified, isn't a lot of
use if centre code 539 places two orders on the same day, so I assume
you really want "12160314-539-1".  I would store that information in
three columns, as I said.

Storing the details as separate columns would also help when you want
to perform queries on the order data.  I.e. list all orders from centre
number 539 during 4Q2003.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/



More information about the interchange-users mailing list