Mail Server Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me

The Shed is going Social! Join us on FaceBook and Twitter and chime in on the conversation.

Go Back   Dev Shed ForumsSystem AdministrationMail Server Help
Reload this Page

making mail() secure??


Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
  #1  
Old November 4th, 2003, 04:35 PM
nothinfacd nothinfacd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jul 2003
Posts: 40 nothinfacd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 7 m 57 sec
Reputation Power: 10
making mail() secure??
Hi,

I am planning to setup an online store where customers can order cds. On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).

I know that I will need SSL to support the security of the form processing.

*However, I am not sure what security measures I need to take to make sure the e-mail is sent securely.


Thanks in advance

John B
Reply With Quote
  #2  
Old November 5th, 2003, 03:57 PM
alexgreg's Avatar
alexgreg alexgreg is offline
Full Access
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Jun 2000
Location: London, UK
Posts: 2,019 alexgreg User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 sec
Reputation Power: 15
Quote:
On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).

This means that the server administrators will be able to intercept the credit card numbers sent via mail() if they so wish. The fax containing the credit card details can also be intercepted by the faxing service or a phone eavesdropper.
Quote:
I know that I will need SSL to support the security of the form processing.

This will ensure encryption between client and server; however, you need to ensure that the email is encrypted until it arrives at its destination.

You should do something like this: Have the browser submit a form over SSL to the web server containing the card details. The PHP script that you post to will need to open a pipe to gpg or a similar program to encrypt the data with a public key held on the server. This encrypted data can then be emailed to the warehouse, where it can be decrypted with the private key.
__________________
Alex
(http://www.alex-greg.com)
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationMail Server Help > making mail() secure??

« Previous Thread | Next Thread »

Developer Shed Advertisers and Affiliates



Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump

Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 


Powered by: vBulletin Version 3.0.5
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.

© 2003-2013 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap