Re: [cobalt-users] Off topic - kind of - SSL question
- Subject: Re: [cobalt-users] Off topic - kind of - SSL question
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sat Sep 9 11:49:53 2000
- Organization: nobaloney.net
Cobalt wrote:
> Putting PGP on the server is out of the question due to cost. I
> have been playing with GnuPG but haven't been able to get it to work with
> PGP or a Windoze client to decrypt the message.
>
> Question #1: Does anyone have this working on a RAQ3? or have good
> information on how to get it working?
Looks like you didn't get any public responses all week. Did you get
any private responses?
I haven't done it yet, but I might be interested in doing it for you at
no charge so I'll know how to do it for the future. Write me offlist if
you're interested in this offer.
> Another option that I was thinking of was using PHP3 and MySQL. I would
> like the customer to order online via the secure connection and have the
> ordering information stored in a MySQL database. The customer could then go
> to a secure web page and view the order information.
This seems like such a wonderful idea until you remember all the system
break-ins and credit card thefts you've read about during the past year.
Leaving credit card information on an Internet-connected server even a
second longer than necessary is NEVER a good idea.
> Question #2: What are the security implications with doing it this way? My
> understanding that as long as you have a secure cert that any information
> exchanged between the server and the client browser is encrypted/secure. Is
> this true? Would there be any issues with the security of the MySQL
> database?
New hacks into Linux boxes are discovered every day. Don't ever give
telnet access (or even SSH access) to anyone on your system if you're
going to do this.
Even then, there are lots of other ways in <frown>.
> Any help would be appreciated. SSL is still pretty new to me, and it is
> very important that it is 100% secure for ordering.
Then do it right. I'd highly recommend an offsite credit-card ordering
system, for example authorize.net. That way the credit card is NEVER on
your system and you never have any responsibility or bad publicity.
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
nobaloney.net
P. O. Box 52672
Riverside, CA 92517
voice: (909) 787-8589 * fax: (909) 782-0205