encrypted e-mails from script/cgi

Re: encrypted e-mails from script/cgi


"zn" <zn@zn122.edu.i nvalid> wrote in message
news:Xns95DDAB2 7BB1EAznzn122ed uinvalid@216.19 6.97.131...[color=blue]
> If I place a form for product ordering on my website, what scripting
> technology or CGIs can I use to encrypt the e-mail sent to my e-mail
> account with the order information?
>
>[/color]

Dear God. I hope you're not planning on having customers' credit card
information emailed to you. That is extremely insecure and dangerously
irresponsible.

Get a payment gateway to handle this stuff.


--
-Karl Core
Please Support "Project Boneyard":

Re: encrypted e-mails from script/cgi

Karl Core wrote:
[color=blue]
> Dear God. I hope you're not planning on having customers'
> credit card information emailed to you.[/color]

I seriously doubt God is planning on having customer's credit
card info emailed to Him <g>

--
Els http://locusmeus.com/
Sonhos vem. Sonhos vão. O resto é imperfeito.
- Renato Russo -
Now playing: Twarres - She Couldn't Laugh

Re: encrypted e-mails from script/cgi

Els wrote:[color=blue]
> Karl Core wrote:
>
>[color=green]
>>Dear God. I hope you're not planning on having customers'
>>credit card information emailed to you.[/color]
>
>
> I seriously doubt God is planning on having customer's credit
> card info emailed to Him <g>
>[/color]

I wouldn't put it past the Pope though...

NM

Re: encrypted e-mails from script/cgi

News Me wrote:[color=blue]
> Els wrote:[color=green]
>> Karl Core wrote:
>>[color=darkred]
>>>Dear God. I hope you're not planning on having customers'
>>>credit card information emailed to you.[/color]
>>
>> I seriously doubt God is planning on having customer's
>> credit card info emailed to Him <g>[/color]
>
> I wouldn't put it past the Pope though...[/color]

...or send it to the Wailing Wall..


--
Els http://locusmeus.com/
Sonhos vem. Sonhos vão. O resto é imperfeito.
- Renato Russo -
Now playing: Twarres - I Need To Know

Re: encrypted e-mails from script/cgi

"Karl Core" <karl@NOSPAMkar lcore.com> wrote in news:cs6tee$fe0 $1@ngspool-
d02.news.aol.co m:
[color=blue]
>
> "zn" <zn@zn122.edu.i nvalid> wrote in message
> news:Xns95DDAB2 7BB1EAznzn122ed uinvalid@216.19 6.97.131...[color=green]
>> If I place a form for product ordering on my website, what scripting
>> technology or CGIs can I use to encrypt the e-mail sent to my e-mail
>> account with the order information?
>>
>>[/color]
>
> Dear God. I hope you're not planning on having customers' credit card
> information emailed to you. That is extremely insecure and dangerously
> irresponsible.[/color]

Can you read? Is there a CGI/Scripting technology that will encrypt the e-
mail? If the data in a form is encrypted in something like PHP, how useful
would that e-mail be to someone else?

Re: encrypted e-mails from script/cgi

"zn" <zn@zn122.edu.i nvalid> wrote in message
[color=blue][color=green]
> > Dear God. I hope you're not planning on having customers' credit card
> > information emailed to you. That is extremely insecure and dangerously
> > irresponsible.[/color]
>
> Can you read? Is there a CGI/Scripting technology that will encrypt the e-
> mail? If the data in a form is encrypted in something like PHP, how useful
> would that e-mail be to someone else?[/color]

And how usefull would it be to the email client you send it to?

You should be using HTTPS and a secure server side process, not email.

--
Cheers
Richard.

Re: encrypted e-mails from script/cgi

"rf" <rf@.invalid> wrote in
news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:
[color=blue]
> "zn" <zn@zn122.edu.i nvalid> wrote in message
>[color=green][color=darkred]
>> > Dear God. I hope you're not planning on having customers' credit
>> > card information emailed to you. That is extremely insecure and
>> > dangerously irresponsible.[/color]
>>
>> Can you read? Is there a CGI/Scripting technology that will encrypt
>> the e- mail? If the data in a form is encrypted in something like
>> PHP, how useful would that e-mail be to someone else?[/color][/color]

That was supposed to read PGP.
[color=blue]
> And how usefull would it be to the email client you send it to?
>
> You should be using HTTPS and a secure server side process, not email.
>[/color]

The server already is configured for https. How do you define secure server
side process? Are you referring to having php write to a database?

Thanks.

Re: encrypted e-mails from script/cgi

"zn" <zn@zn122.edu.i nvalid> wrote[color=blue]
> "rf" <rf@.invalid> wrote in
> news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:[/color]
[color=blue][color=green]
> > And how usefull would it be to the email client you send it to?
> >
> > You should be using HTTPS and a secure server side process, not email.
> >[/color]
>
> The server already is configured for https. How do you define secure[/color]
server[color=blue]
> side process? Are you referring to having php write to a database?[/color]

I am now totally lost. You originally talked about sending the data vie
email. To quote:

"the e-mail sent to my e-mail account"

Once again, if you encrypt an email (however you do it) what is the email
client going to make of it?

And, if you are processing it on a server somewhere, why do you *need* to
email it anywhere?

Perhaps if you re-state exactly what you are doing and intend to do.

--
Cheers
Richard.

Re: encrypted e-mails from script/cgi

In article <AeJFd.117916$K 7.40059@news-server.bigpond. net.au>,
"rf" <rf@.invalid> wrote:
[color=blue]
> "zn" <zn@zn122.edu.i nvalid> wrote[color=green]
> > "rf" <rf@.invalid> wrote in
> > news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:[/color]
>[color=green][color=darkred]
> > > And how usefull would it be to the email client you send it to?
> > >
> > > You should be using HTTPS and a secure server side process, not email.
> > >[/color]
> >
> > The server already is configured for https. How do you define secure[/color]
> server[color=green]
> > side process? Are you referring to having php write to a database?[/color]
>
> I am now totally lost. You originally talked about sending the data vie
> email. To quote:
>
> "the e-mail sent to my e-mail account"
>
> Once again, if you encrypt an email (however you do it) what is the email
> client going to make of it?
>
> And, if you are processing it on a server somewhere, why do you *need* to
> email it anywhere?
>
> Perhaps if you re-state exactly what you are doing and intend to do.[/color]

Chances are your email client doesn't have this feature unless you have
one of the PGP enhancements for email You just have to know how to
decrypt it. Since the email is coming from a known source which you
have control over, you can set this up. I have

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: encrypted e-mails from script/cgi

"rf" <rf@.invalid> wrote in news:AeJFd.1179 16$K7.40059@new s-
server.bigpond. net.au:
[color=blue]
> "zn" <zn@zn122.edu.i nvalid> wrote[color=green]
>> "rf" <rf@.invalid> wrote in
>> news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:[/color]
>[color=green][color=darkred]
>> > And how usefull would it be to the email client you send it to?
>> >
>> > You should be using HTTPS and a secure server side process, not[/color][/color][/color]
email.[color=blue][color=green][color=darkred]
>> >[/color]
>>
>> The server already is configured for https. How do you define secure[/color]
> server[color=green]
>> side process? Are you referring to having php write to a database?[/color]
>
> I am now totally lost. You originally talked about sending the data vie
> email. To quote:
>
> "the e-mail sent to my e-mail account"
>
> Once again, if you encrypt an email (however you do it) what is the[/color]
email[color=blue]
> client going to make of it?
>
> And, if you are processing it on a server somewhere, why do you *need*[/color]
to[color=blue]
> email it anywhere?
>
> Perhaps if you re-state exactly what you are doing and intend to do.[/color]

I have read references to off-the-shelf "commerce servers" that can e-
mail encrypted credit card orders for off-line processing in the office
using traditional credit card swipe machines. Supposedly, after the
consumer places the order, the e-mail is sent to the company and they
process the order. At the company, there has to be a way to decrypt the
encrypted e-mail message (PGP? or is there another system of sending
encrypted e-mail).

Basically, I'm trying to find a way to accept a small amount of daily
orders over the web at my company. I'd like to do something simple like
having a form with a submit button, which when clicked would submit the
data to us. We're not far enough along knowlege-wise right now
(obviously!) to setup something with online credit card processing. And
right now we'd like to avoid stepping into having to setup something
MySQL based.

Sorry about not being clearer and my earlier hasty response.

Thanks.

Re: encrypted e-mails from script/cgi

In article <Xns95DE9174986 53znzn122eduinv alid@216.196.97 .131>,
zn <zn@zn122.edu.i nvalid> wrote:
[color=blue]
> "rf" <rf@.invalid> wrote in news:AeJFd.1179 16$K7.40059@new s-
> server.bigpond. net.au:
>[color=green]
> > "zn" <zn@zn122.edu.i nvalid> wrote[color=darkred]
> >> "rf" <rf@.invalid> wrote in
> >> news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:[/color]
> >[color=darkred]
> >> > And how usefull would it be to the email client you send it to?
> >> >
> >> > You should be using HTTPS and a secure server side process, not[/color][/color]
> email.[color=green][color=darkred]
> >> >
> >>
> >> The server already is configured for https. How do you define secure[/color]
> > server[color=darkred]
> >> side process? Are you referring to having php write to a database?[/color]
> >
> > I am now totally lost. You originally talked about sending the data vie
> > email. To quote:
> >
> > "the e-mail sent to my e-mail account"
> >
> > Once again, if you encrypt an email (however you do it) what is the[/color]
> email[color=green]
> > client going to make of it?
> >
> > And, if you are processing it on a server somewhere, why do you *need*[/color]
> to[color=green]
> > email it anywhere?
> >
> > Perhaps if you re-state exactly what you are doing and intend to do.[/color]
>
> I have read references to off-the-shelf "commerce servers" that can e-
> mail encrypted credit card orders for off-line processing in the office
> using traditional credit card swipe machines. Supposedly, after the
> consumer places the order, the e-mail is sent to the company and they
> process the order. At the company, there has to be a way to decrypt the
> encrypted e-mail message (PGP? or is there another system of sending
> encrypted e-mail).
>
> Basically, I'm trying to find a way to accept a small amount of daily
> orders over the web at my company. I'd like to do something simple like
> having a form with a submit button, which when clicked would submit the
> data to us. We're not far enough along knowlege-wise right now
> (obviously!) to setup something with online credit card processing. And
> right now we'd like to avoid stepping into having to setup something
> MySQL based.
>
> Sorry about not being clearer and my earlier hasty response.
>
> Thanks.
>[/color]

Well, I'd start reading some books. Start with the O'Reilley articles
(http://www.ora.com) on e-commerce and security.
http://www.oreilly.com/catalog/websec2/index.html might be a good place
to start.

I suspect the credit card terminals use an encryption scheme that's know
to the server with which they connect. The server decodes and processes
the transaction and sends the email to the vendor. There's no need to
do something like this at all. Your approach of trying to do encrypted
email is a case in point--a little knowledge is a getting in the way of
solving this business problem.

What we did to charge credit cards our site was to start by setting up a
merchant account with a clearing house to process credit card
transactions. They gave us access to their secure web site to do
"virtual terminal" transactions by entering the credit card information
by hand from US mail orders. Customers were sent email confirming the
charge if they supplied it to us.

Using the clearing house's very complete technical specs, we created a
form which collects information from the customer from the secure web
server offered by our ISP. The form, when the customer submits it, runs
a perl script that contacts the clearing house (also using SSL web
connection) and submits a form with the various fields filled in
collected from the customer's form. The clearing house takes it from
there, verifying and emailing the customer (and us) of the transaction.

Others have suggested setting up an e-commerce module to do this. That
would work as well. The key to the encryption is the SSL server, which
is doing the encryption you asked about. You need to revisit your idea
of "rolling your own" encrypted email and do this right from the start.
If you don't have skills to do that, hire them or delay the project
until you can do it yourself.

--
DeeDee, don't press that button! DeeDee! NO! Dee...

Re: encrypted e-mails from script/cgi

Michael Vilain <vilain@spamcop .net> wrote in
news:vilain-AFF581.13203514 012005@news.gig anews.com:
[color=blue]
> In article <Xns95DE9174986 53znzn122eduinv alid@216.196.97 .131>,
> zn <zn@zn122.edu.i nvalid> wrote:
>[color=green]
>> "rf" <rf@.invalid> wrote in news:AeJFd.1179 16$K7.40059@new s-
>> server.bigpond. net.au:
>>[color=darkred]
>> > "zn" <zn@zn122.edu.i nvalid> wrote
>> >> "rf" <rf@.invalid> wrote in
>> >> news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:
>> >
>> >> > And how usefull would it be to the email client you send it to?
>> >> >
>> >> > You should be using HTTPS and a secure server side process, not[/color]
>> email.[color=darkred]
>> >> >
>> >>
>> >> The server already is configured for https. How do you define
>> >> secure
>> > server
>> >> side process? Are you referring to having php write to a database?
>> >
>> > I am now totally lost. You originally talked about sending the data
>> > vie email. To quote:
>> >
>> > "the e-mail sent to my e-mail account"
>> >
>> > Once again, if you encrypt an email (however you do it) what is the[/color]
>> email[color=darkred]
>> > client going to make of it?
>> >
>> > And, if you are processing it on a server somewhere, why do you
>> > *need*[/color]
>> to[color=darkred]
>> > email it anywhere?
>> >
>> > Perhaps if you re-state exactly what you are doing and intend to
>> > do.[/color]
>>
>> I have read references to off-the-shelf "commerce servers" that can
>> e- mail encrypted credit card orders for off-line processing in the
>> office using traditional credit card swipe machines. Supposedly,
>> after the consumer places the order, the e-mail is sent to the
>> company and they process the order. At the company, there has to be a
>> way to decrypt the encrypted e-mail message (PGP? or is there another
>> system of sending encrypted e-mail).
>>
>> Basically, I'm trying to find a way to accept a small amount of daily
>> orders over the web at my company. I'd like to do something simple
>> like having a form with a submit button, which when clicked would
>> submit the data to us. We're not far enough along knowlege-wise right
>> now (obviously!) to setup something with online credit card
>> processing. And right now we'd like to avoid stepping into having to
>> setup something MySQL based.
>>
>> Sorry about not being clearer and my earlier hasty response.
>>
>> Thanks.
>>[/color]
>
> Well, I'd start reading some books. Start with the O'Reilley articles
> (http://www.ora.com) on e-commerce and security.
> http://www.oreilly.com/catalog/websec2/index.html might be a good
> place to start.
>
> I suspect the credit card terminals use an encryption scheme that's
> know to the server with which they connect. The server decodes and
> processes the transaction and sends the email to the vendor. There's
> no need to do something like this at all. Your approach of trying to
> do encrypted email is a case in point--a little knowledge is a getting
> in the way of solving this business problem.
>
> What we did to charge credit cards our site was to start by setting up
> a merchant account with a clearing house to process credit card
> transactions. They gave us access to their secure web site to do
> "virtual terminal" transactions by entering the credit card
> information by hand from US mail orders. Customers were sent email
> confirming the charge if they supplied it to us.
>
> Using the clearing house's very complete technical specs, we created a
> form which collects information from the customer from the secure web
> server offered by our ISP. The form, when the customer submits it,
> runs a perl script that contacts the clearing house (also using SSL
> web connection) and submits a form with the various fields filled in
> collected from the customer's form. The clearing house takes it from
> there, verifying and emailing the customer (and us) of the
> transaction.
>
> Others have suggested setting up an e-commerce module to do this.
> That would work as well. The key to the encryption is the SSL server,
> which is doing the encryption you asked about. You need to revisit
> your idea of "rolling your own" encrypted email and do this right from
> the start. If you don't have skills to do that, hire them or delay
> the project until you can do it yourself.
>[/color]

Thanks for all of the details! The clearing house method sounds like a
great way to go. Do you know the name of a clearing house off the top of
your head?

Re: encrypted e-mails from script/cgi

zn <zn@zn122.edu.i nvalid> wrote in
news:Xns95DEAC8 E13409znzn122ed uinvalid@216.19 6.97.131:
[color=blue]
> Michael Vilain <vilain@spamcop .net> wrote in
> news:vilain-AFF581.13203514 012005@news.gig anews.com:
>[color=green]
>> In article <Xns95DE9174986 53znzn122eduinv alid@216.196.97 .131>,
>> zn <zn@zn122.edu.i nvalid> wrote:
>>[color=darkred]
>>> "rf" <rf@.invalid> wrote in news:AeJFd.1179 16$K7.40059@new s-
>>> server.bigpond. net.au:
>>>
>>> > "zn" <zn@zn122.edu.i nvalid> wrote
>>> >> "rf" <rf@.invalid> wrote in
>>> >> news:gdEFd.1173 83$K7.65209@new s-server.bigpond. net.au:
>>> >
>>> >> > And how usefull would it be to the email client you send it to?
>>> >> >
>>> >> > You should be using HTTPS and a secure server side process, not
>>> email.
>>> >> >
>>> >>
>>> >> The server already is configured for https. How do you define
>>> >> secure
>>> > server
>>> >> side process? Are you referring to having php write to a database?
>>> >
>>> > I am now totally lost. You originally talked about sending the data
>>> > vie email. To quote:
>>> >
>>> > "the e-mail sent to my e-mail account"
>>> >
>>> > Once again, if you encrypt an email (however you do it) what is the
>>> email
>>> > client going to make of it?
>>> >
>>> > And, if you are processing it on a server somewhere, why do you
>>> > *need*
>>> to
>>> > email it anywhere?
>>> >
>>> > Perhaps if you re-state exactly what you are doing and intend to
>>> > do.
>>>
>>> I have read references to off-the-shelf "commerce servers" that can
>>> e- mail encrypted credit card orders for off-line processing in the
>>> office using traditional credit card swipe machines. Supposedly,
>>> after the consumer places the order, the e-mail is sent to the
>>> company and they process the order. At the company, there has to be a
>>> way to decrypt the encrypted e-mail message (PGP? or is there another
>>> system of sending encrypted e-mail).
>>>
>>> Basically, I'm trying to find a way to accept a small amount of daily
>>> orders over the web at my company. I'd like to do something simple
>>> like having a form with a submit button, which when clicked would
>>> submit the data to us. We're not far enough along knowlege-wise right
>>> now (obviously!) to setup something with online credit card
>>> processing. And right now we'd like to avoid stepping into having to
>>> setup something MySQL based.
>>>
>>> Sorry about not being clearer and my earlier hasty response.
>>>
>>> Thanks.
>>>[/color]
>>
>> Well, I'd start reading some books. Start with the O'Reilley articles
>> (http://www.ora.com) on e-commerce and security.
>> http://www.oreilly.com/catalog/websec2/index.html might be a good
>> place to start.
>>
>> I suspect the credit card terminals use an encryption scheme that's
>> know to the server with which they connect. The server decodes and
>> processes the transaction and sends the email to the vendor. There's
>> no need to do something like this at all. Your approach of trying to
>> do encrypted email is a case in point--a little knowledge is a getting
>> in the way of solving this business problem.
>>
>> What we did to charge credit cards our site was to start by setting up
>> a merchant account with a clearing house to process credit card
>> transactions. They gave us access to their secure web site to do
>> "virtual terminal" transactions by entering the credit card
>> information by hand from US mail orders. Customers were sent email
>> confirming the charge if they supplied it to us.
>>
>> Using the clearing house's very complete technical specs, we created a
>> form which collects information from the customer from the secure web
>> server offered by our ISP. The form, when the customer submits it,
>> runs a perl script that contacts the clearing house (also using SSL
>> web connection) and submits a form with the various fields filled in
>> collected from the customer's form. The clearing house takes it from
>> there, verifying and emailing the customer (and us) of the
>> transaction.
>>
>> Others have suggested setting up an e-commerce module to do this.
>> That would work as well. The key to the encryption is the SSL server,
>> which is doing the encryption you asked about. You need to revisit
>> your idea of "rolling your own" encrypted email and do this right from
>> the start. If you don't have skills to do that, hire them or delay
>> the project until you can do it yourself.
>>[/color]
>
> Thanks for all of the details! The clearing house method sounds like a
> great way to go. Do you know the name of a clearing house off the top[/color]
of[color=blue]
> your head?[/color]

I'm responding to my own post ... now that I've heard some of the lingo,
I found some info on Google. Here's a link:

Re: encrypted e-mails from script/cgi

zn wrote:[color=blue]
> zn <zn@zn122.edu.i nvalid> wrote in[/color]
[color=blue][color=green]
>>Thanks for all of the details! The clearing house method sounds like a
>>great way to go. Do you know the name of a clearing house off the top[/color]
>
> of
>[color=green]
>>your head?[/color]
>
>
> I'm responding to my own post ... now that I've heard some of the lingo,
> I found some info on Google. Here's a link:
>
> http://www.elsop.com/wrc/in_card.htm[/color]

The first three links in the content on that page are dead. Maybe it's
badly out of date?

--
Michael
m r o z a t u k g a t e w a y d o t n e t