Re: [cobalt-users] PGP for dummys
- Subject: Re: [cobalt-users] PGP for dummys
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Mon May 13 10:14:18 2002
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
"Jeff Lasman" <jblists@xxxxxxxxxxxxx> wrote:
> Gerald Waugh wrote:
>
> > I installed everything, but when I use the form to send an email
> > through gnupgmail.cgi
> >
> > All I ever get in the email is $Subject
> >
> > Subject: Credit Card Payment
>
> Gerald, while this is NOT a real answer, it may hopefully provide you
> with a temporary workaround.
>
> A friend of mine told me about this yesterday, and yes, it works
> <smile>...
>
> He uses a form (make sure it uses "POST" and NOT "GET"), called with
> https:, NOT http:,
For the benefit of others - using the POST method over GET, which would
display the credit card info. in the browser's URL query string, is
advisable, whether HTTP or HTTPS is used.
> and uses that form to send an email to a user created
> just for it on the server. Then he uses neomail (again with https:) to
> read the email; he can cut and paste the information, or copy it.
>
> This might help you in the short run until you've got the PGP working.
>
> If you see any holes in this, let me know.
Jeff, in your friend's solution, the credit card data is stored on the
server in plain text. Anyone who can access the email spool has access to
the credit card info., and if the mail spool's owner ever accesses his/her
email via a client program using standard plain text POP or IMAP, it's
possible for the credit card info. to be sniffed. It's certainly a step up
from sending data using HTTP or sending the email in plain text to an
external account, but any solution that keeps credit card information on the
server in plain text is risky.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/
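
Added example (not part of the original message and not gnupgmail.cgi's code): a Python check for the risk described above, reporting whether a message stored in the mail spool carries a card number in plain text rather than a PGP-armored body. The function names and both sample messages are constructed for illustration.

```python
import email
import re

# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
PGP_ARMOR = "-----BEGIN PGP MESSAGE-----"

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def audit_message(raw):
    """Report whether one stored message exposes card data in plain text."""
    msg = email.message_from_string(raw)
    armored, pans = False, []
    for part in msg.walk():
        if part.is_multipart():
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        armored = armored or PGP_ARMOR in text
        for m in PAN_RE.finditer(text):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                # Keep only the last four digits so the report is safe to store.
                pans.append("*" * (len(digits) - 4) + digits[-4:])
    return {"subject": msg["Subject"], "pgp_armored": armored,
            "plaintext_pans": pans}

# Constructed samples; 4111 1111 1111 1111 is a standard test card number.
PLAINTEXT_MAIL = (
    "From: form@example.com\nTo: orders@example.com\n"
    "Subject: Credit Card Payment\n\n"
    "Name: Test User\nCard: 4111 1111 1111 1111\nExp: 01/30\n"
)
ENCRYPTED_MAIL = (
    "From: form@example.com\nTo: orders@example.com\n"
    "Subject: Credit Card Payment\n\n"
    "-----BEGIN PGP MESSAGE-----\n\nconstructedPlaceholderCiphertext\n"
    "-----END PGP MESSAGE-----\n"
)

if __name__ == "__main__":
    for sample in (PLAINTEXT_MAIL, ENCRYPTED_MAIL):
        print(audit_message(sample))
```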