Mail Server Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsSystem AdministrationMail Server Help
Reload this Page

making mail() secure??

Discuss making mail() secure?? in the Mail Server Help forum on Dev Shed.
making mail() secure?? Mail Server Help forum discussing tips, tricks, techniques and Spam containment solutions. Topics include mail servers such as Sendmail and Qmail, webmail interfaces such as Squirrelmail and Horde and spam solutions such as SpamAssassin and Bayesian

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!
  #1  
Old November 4th, 2003, 04:35 PM
nothinfacd nothinfacd is offline
Contributing User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Jul 2003
Posts: 40 nothinfacd User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 2 h 7 m 57 sec
Reputation Power: 6
making mail() secure??
Hi,

I am planning to setup an online store where customers can order cds. On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).

I know that I will need SSL to support the security of the form processing.

*However, I am not sure what security measures I need to take to make sure the e-mail is sent securely.


Thanks in advance

John B
Reply With Quote
  #2  
Old November 5th, 2003, 03:57 PM
alexgreg's Avatar
alexgreg alexgreg is offline
Full Access
Dev Shed Regular (2000 - 2499 posts)
  
Join Date: Jun 2000
Location: London, UK
Posts: 2,019 alexgreg User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 3 sec
Reputation Power: 11
Quote:
On the order page, it asks for their credit card number (which we do NOT store in our database). I will be sending this credit card number through the PHP mail() function to a faxing service (to fax the order to the warehouse).

This means that the server administrators will be able to intercept the credit card numbers sent via mail() if they so wish. The fax containing the credit card details can also be intercepted by the faxing service or a phone eavesdropper.
Quote:
I know that I will need SSL to support the security of the form processing.

This will ensure encryption between client and server; however, you need to ensure that the email is encrypted until it arrives at its destination.

You should do something like this: Have the browser submit a form over SSL to the web server containing the card details. The PHP script that you post to will need to open a pipe to gpg or a similar program to encrypt the data with a public key held on the server. This encrypted data can then be emailed to the warehouse, where it can be decrypted with the private key.
__________________
Alex
(http://www.alex-greg.com)
Reply With Quote
Reply

Viewing: Dev Shed ForumsSystem AdministrationMail Server Help > making mail() secure??

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 6 hosted by Hostway