Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23
Michael Bauer (mick@visi.com)
Wed, 28 Apr 1999 11:36:41 -0500 (CDT)
Howdy.
A non-profig org. I know of wants to be able to accept credit-card pledges
from members via the Web, but they don't have a lot of $$ to spend on the
project (i.e., they don't want to hire any 3rd party to accept the
credit-card pledges for them). Assuming their own web-server is secure,
what do you guys think about the following scenario?:
1. Member enters credit-card #, etc. in SSL-protected web form.
2. Form data is processed by PERL script that uses PGP (or is there a
PERL module that can do this?) to encrypt form data with accountant's
public key, mails encrypted data to accountant.
Is this a viable proposal, or is it too vulnerable to chosen-plaintext
or other cryptanalytical attacks? Or are we barking up the wrong tree
altogether? I'm convinced that with a little effort we can construct a
secure solution using established free/share-ware tools.
Thanks for any input,
Mick Bauer
/===========================\
| Michael D.(Mick) Bauer |
| Sr. Network Engineer |
| EXi Corporation |
| Roseville, MN |
| mbauer<at>exicorp.com |
\===========================/
The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:23