RE: [cobalt-developers] SSL on RAQ 4 basic help

["Hosting Sales" <hosting@xxxxxxxxxxx>]

> -----Original Message-----
> From: cobalt-developers-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-developers-
> admin@xxxxxxxxxxxxxxx] On Behalf Of FS
> Sent: Wednesday, November 21, 2001 6:01 AM
> To: cobalt-developers@xxxxxxxxxxxxxxx
> Subject: [cobalt-developers] SSL on RAQ 4 basic help
> 
> Hi,
> 
> Can anyone help.?
> 
> I'm trying to set-up a secure connection for a client who wants users
to
> enter credit card details on a web page and then have these emailed to
> them.
> No real On-line payment is happening so my thoughts on how to do this
> would
> be to set up a secure connection via SSL and then send the email using
> APOP.
> Is this the best way to do this? If so, how do I actually use the SSL
on a
> web page? I know how to activate it on a site, but how do I actually
> implement it for a particular web page (i.e.. the page that has the
> details
> entered on to it..)?
> 
> I know this is probably quite basic stuff, but would really appreciate
> some
> help.
> 
> Thanks
> 
> F.
> 

It is considered very bad form (and misleading) to use a secure site to
gather confidential information (such as a credit card number) and then
use a less secure means (such as plain-text email) to forward the
gathered information over the 'Net to another host.  Don't even think
about doing this unless the email (end to end, not just host to host)
will use a level of encrpyption at least as good as that of your web
server (probably 128-bit).  Likewise, don't store the data unencrypted
in any files on any system, including the secure server and the mail
server.

When browsing clients see the padlock icon, they have certain
expectations of information privacy.  You may be opening a king-size can
of worms if you violate those expectations for the sake of expediency.

Jack