[ic] CC Encryption

John Beima interchange-users@icdevgroup.org
Tue Jun 11 20:48:01 2002 

It wouldn't matter if they hacked the Interchange server, since it doesn't store
the CC numbers either. It has been designed NOT to allow this to happen, and for
good reason...

But hey if you wish to have the cc companies take legal action against you for
STUPIDLY and irresponsibly handling cc information.. Since it would be YOU held
responsible for the neglagence...

I bet even you clients would be able to take action against you for being the
cause of all this as well...


John Beima
jbeima@palb.com, support@alocalagent.com, and support@alocalchurch.com

P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6

Affordable Web Pages - Phone: (888)932-9990 - Fax: (256)351-7297
2713B Spring Place SW, Decatur, Alabama, United States, 35603



Quoting Michael Baird <mike@tc3net.com>:

> The customers are already running Windows based OS's anyway, anyway's I just
> 
> asked for the choice, not that it become the defacto standard, because It's
> 
> what my customers want. A hacker can always break into the server and hack 
> the interchange CGI's as well, maybe the perl scripts should be encrypted to
> 
> stop this. Well anyway I wasn't looking for reasons why this shouldn't be 
> done (I'm quite aware of the caveats and all), I just wanted to know if there
> 
> was an option I missed, or if someone had already patched it to function in
> 
> the manner customers are accustomed to, if the answer is no, I will patch it
> 
> myself to function in a way that the customers will best be able to deal with
> 
> . Talking a few 100 novices through setting up PGP, not to mention those 
> using web based mail systems, which do not support it, isn't a practical 
> solution in my mind.
> 
> Regards
> MIKE
> 
> On Tuesday 11 June 2002 18:33, Dan Browning wrote:
> > At 05:09 PM 6/11/2002 -0400, you wrote:
> > >Does Interchange have the ability to send the credit card number in the
> > > clear via email with each order, or does someone already have a patch
> to
> > > do so? I want to switch over to Interchange for my offering, but having
> > > the users setup PGP on their machines is probably too much to ask, some
> > > of them can barely do email at all, I just want the option to do it in
> > > the clear (this is how my current solution deals with it as well).
> > >
> > >Regards
> > >MIKE
> >
> > So, some one only has to hack the mail queues on your server, their
> client,
> > or listen to ANY tcp-ip point between your server and the client?  That
> is
> > like writing the numbers on a postcard and mailing it.
> >
> > Knock on wood.
> >
> >
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >
> > | Dan Browning, Kavod Technologies <db@kavod.com>
> >
> > +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > Parts that positively cannot be assembled in improper order will be.
> >
> > _______________________________________________
> > interchange-users mailing list
> > interchange-users@icdevgroup.org
> > http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 
> _______________________________________________
> interchange-users mailing list
> interchange-users@icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 


-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/