RE: [cobalt-developers] SSL on RAQ 4 basic help

["Smack in Outlook" <smack@xxxxxxxxxxxxxx>]

> Message: 3
> From: "Hosting Sales" <hosting@xxxxxxxxxxx>
> Subject: RE: [cobalt-developers] SSL on RAQ 4 basic help
> Date: Wed, 21 Nov 2001 10:28:34 -0500
> >
> >
> > I'm trying to set-up a secure connection for a client who wants users
> to
> > enter credit card details on a web page and then have these emailed to
> > them.
> > No real On-line payment is happening so my thoughts on how to do this
> > would
> > be to set up a secure connection via SSL and then send the email using
> > APOP.
> > Is this the best way to do this? If so, how do I actually use the SSL
> on a
> > web page? I know how to activate it on a site, but how do I actually
> > implement it for a particular web page (i.e.. the page that has the
> > details
> > entered on to it..)?
> >
> > I know this is probably quite basic stuff, but would really appreciate
> > some
> > help.
> >
> > Thanks
> >
> > F.
> >
>
> It is considered very bad form (and misleading) to use a secure site to
> gather confidential information (such as a credit card number) and then
> use a less secure means (such as plain-text email) to forward the
> gathered information over the 'Net to another host.  Don't even think
> about doing this unless the email (end to end, not just host to host)
> will use a level of encrpyption at least as good as that of your web
> server (probably 128-bit).  Likewise, don't store the data unencrypted
> in any files on any system, including the secure server and the mail
> server.
>
> When browsing clients see the padlock icon, they have certain
> expectations of information privacy.  You may be opening a king-size can
> of worms if you violate those expectations for the sake of expediency.
>