#1
    making mail() secure??


    Hi,

    I am planning to set up an online store where customers can order CDs. On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).

    I know that I will need SSL to support the security of the form processing.

    However, I am not sure what security measures I need to take to make sure the e-mail is sent securely.


    Thanks in advance

    John B
#2
    > On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).
    This means that the server administrators will be able to intercept the credit card numbers sent via mail() if they so wish. The fax containing the credit card details can also be intercepted by the faxing service or a phone eavesdropper.
    > I know that I will need SSL to support the security of the form processing.
    This will ensure encryption between client and server; however, you need to ensure that the email is encrypted until it arrives at its destination.

    You should do something like this: Have the browser submit a form over SSL to the web server containing the card details. The PHP script that you post to will need to open a pipe to gpg or a similar program to encrypt the data with a public key held on the server. This encrypted data can then be emailed to the warehouse, where it can be decrypted with the private key.
    Alex
    (http://www.alex-greg.com)
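
The approach described in the reply above (pipe the card details to gpg, mail only the ciphertext), as an added example that is not part of the original thread. It assumes PHP 7.4+, a gpg binary on the server, and a keyring holding only the warehouse's public key; `GPG_HOME`, `RECIPIENT` and the `card_number` form field are hypothetical names.

```php
<?php
// Added example. Assumptions: gpg is installed and the warehouse public key
// (and nothing else) has been imported into the keyring under GPG_HOME.
const GPG_HOME  = '/var/lib/shop-gpg';       // hypothetical keyring directory
const RECIPIENT = 'warehouse@example.com';   // placeholder key user ID / address

function gpg_encrypt(string $plaintext, string $recipient, string $homedir): string
{
    // Array form of proc_open() (PHP 7.4+) starts gpg directly, without a
    // shell, so nothing from the request is ever parsed as shell syntax.
    $cmd = ['gpg', '--homedir', $homedir, '--batch', '--no-tty',
            '--trust-model', 'always',       // keyring holds one known key
            '--armor', '--encrypt', '--recipient', $recipient];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    // Card data goes to gpg on stdin: never on the command line and never
    // into a temporary file. Messages are small, so sequential reads are safe.
    fwrite($pipes[0], $plaintext);
    fclose($pipes[0]);
    $ciphertext = stream_get_contents($pipes[1]);
    $errors     = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);

    $ok = proc_close($proc) === 0
        && strpos($ciphertext, '-----BEGIN PGP MESSAGE-----') === 0;
    if (!$ok) {
        // Fail closed: never fall back to mailing the plaintext.
        error_log('gpg failed: ' . trim($errors));
        throw new RuntimeException('encryption failed');
    }
    return $ciphertext;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $raw  = $_POST['card_number'] ?? '';
    $card = is_string($raw) ? preg_replace('/\D/', '', $raw) : '';
    if (strlen($card) < 12 || strlen($card) > 19) {
        http_response_code(400);
        exit('Invalid card number');
    }
    $body = gpg_encrypt("Order card number: $card\n", RECIPIENT, GPG_HOME);
    // Only ciphertext reaches mail(); keep subject and headers free of order data.
    mail(RECIPIENT, 'New order', $body);
}
```

Only the public key lives on the web server; the private key stays with whoever decrypts at the warehouse, so a compromise of the server or the mail path exposes ciphertext only.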
