
Re: [ic] Re: User options



On May 10, 2006, at 4:20 AM, Toni Mueller wrote:


Hello Bill, hello Peter,

On Thu, 06.04.2006 at 09:51:21 -0400, Bill Carr <suppressed> wrote:
On Apr 5, 2006, at 11:08 PM, Peter wrote:
On 04/05/2006 07:18 PM, Bill Carr wrote:
That's a really tough one.  The best way to go is to store the data
encrypted on one server, then allow that server access to another
server which will have the necessary private key to unencrypt the
data and push the transaction through the credit card processor
(but does not store the data post transaction), then you can keep
the encrypted data separate from the key required to unencrypt it.
There are probably other ways to do this, that is just one way that
comes to mind.

I think this is a bad idea. If the customer (the shop server) can
decrypt the card details, the attacker can do it, too. So you gain
nothing except for a second computer.

It has been a burden for us to walk our customers through setting up
their PGP keys. We have been using Windows Privacy Tools. Our
customers are mostly non-technical and often get confused by the
process. Almost all of them are on Windows. We are also limiting them
to using Outlook Express for e-mail because there is a WinPT plugin
for it. What are some easier ways to get non-technical, remote users
set up with PGP?

Try to set them up using Thunderbird (or SeaMonkey) plus Enigmail plus
GnuPG which is *MUCH* better for PGP usage. For one, it can do
PGP/MIME, and you will transparently see the contents of your
PGP-encrypted attachment much in the same way that you get to see an
attached PDF in your email - you still need to enter the passphrase,
however.

If you want to see the credit card number in the admin screens, then
you need to de-couple the real shop and the admin screen to run on
different machines, and prevent the shop server from ever accessing the
admin server where you need to have the private key for backend usage,
in addition to having extra hard security on that box to prevent it
from being cracked.


FWIW, WinPT uses the Windows clipboard and can therefore be used
together with any email program.

Hi Toni,

Thanks for the comments. For the record, I wrote the bit about WinPT being too hard and not the bit about the two server solution above. Will try Thunderbird plus Enigmail plus GnuPG.

Best,
Bill

_______________________________________________
interchange-users mailing list
suppressed
http://www.icdevgroup.org/mailman/listinfo/interchange-users
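The split described in the thread (card data encrypted on the shop server to a public key, private key kept only on a separate backend box) can be exercised end to end with nothing but GnuPG. The script below is an added example, not code from this thread or from Interchange: two GnuPG home directories stand in for the two hosts, the key identity, paths and the sample order line are assumptions, and the card number is the well-known Visa test PAN, not real data. It needs GnuPG 2.1 or later (for `%no-protection`), which here replaces the passphrase a real deployment would keep on the backend.

```shell
#!/bin/sh
# Added example (not from the original thread or from Interchange).
# Two GnuPG keyrings play the roles of two hosts:
#   $SHOP    - the public-facing shop server, holds the PUBLIC key only
#   $BACKEND - the isolated admin/backend server, holds the PRIVATE key
# Anyone who takes over the shop host can read orders as they are captured,
# but cannot open anything already stored: that is the whole point of the split.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
SHOP="$WORK/shop"
BACKEND="$WORK/backend"
mkdir -m 700 "$SHOP" "$BACKEND"

# Common flags: non-interactive, explicit keyring, no trust prompts.
gpg_b() { gpg --batch --quiet --no-tty --trust-model always "$@"; }

# 1. The key pair is generated on the BACKEND only (hypothetical identity).
#    %no-protection needs GnuPG >= 2.1; a real backend keeps a passphrase.
setup_keyrings() {
    gpg_b --homedir "$BACKEND" --gen-key <<'EOF'
%no-protection
Key-Type: RSA
Key-Length: 2048
Subkey-Type: RSA
Subkey-Length: 2048
Name-Real: Card Backend
Name-Comment: example
Name-Email: backend@example.invalid
Expire-Date: 0
%commit
EOF
    # 2. Only the public half is copied to the shop's keyring.
    gpg_b --homedir "$BACKEND" --export backend@example.invalid |
        gpg_b --homedir "$SHOP" --import
}

# 3. The shop encrypts the card details at capture time (stdin -> armored stdout).
shop_encrypt() {
    gpg_b --homedir "$SHOP" --armor --encrypt --recipient backend@example.invalid
}

# 4. The property we want: decryption with the shop's keyring FAILS.
#    Returns 0 when the shop cannot decrypt the file, 1 if it (wrongly) can.
shop_cannot_decrypt() {
    if gpg_b --homedir "$SHOP" --decrypt "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# 5. The backend, holding the private key, recovers the plaintext.
backend_decrypt() {
    gpg_b --homedir "$BACKEND" --decrypt "$1" 2>/dev/null
}

setup_keyrings

# Constructed sample order; 4111111111111111 is the Visa test PAN, not a real card.
printf 'order=1001 pan=4111111111111111 exp=12/29\n' | shop_encrypt > "$WORK/order.asc"
grep -q 'BEGIN PGP MESSAGE' "$WORK/order.asc"
shop_cannot_decrypt "$WORK/order.asc"
echo "shop keyring cannot decrypt stored order: OK"
backend_decrypt "$WORK/order.asc"
```

The shop keyring has no secret key at all, so `shop_cannot_decrypt` exits non-zero for every stored order no matter what is found on that host. What the split does not protect is the moment of capture: the shop process sees the plaintext before it calls `shop_encrypt`, which is why the backend must never be reachable from the shop and why its private key, as Toni says, needs the hardest protection on the network.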

