How do you add PGP encryption?

greenspun.com : LUSENET : S-Mart Shopping Cart : One Thread

We are currently setting up the latest version of S-Mart. Our web site is virtually hosted. For security purposes, we need to PGP encrypt the order information before it gets emailed to us. How would that be accomplished? (I am somewhat new to Perl)

Thank you,

Peter

-- Peter Foley (ccs@cc-solutions.com), January 09, 1998

Answers

Well maybe you prefer an easier solution Peter; I don't see many other answers here!

When the buyer responds by submitting his order, the secure server will decode the incoming and place it in whatever space and whichever server you have selected. Right now PGP (pretty good privacy) has not been used nor do I reckon it's worth it... which was of course your question.

I've tried this instead... I don't use Barry's mail to send the data to myself, instead just write the buyer's form data to a database file in a hidden directory. (Put a full stop prior to the dir name). If you put an htaccess file in that dir, you should keep most hackers out and you don't have to re-encrypt the form data with PGP which the secure server kindly decoded for you in the first place, meaning that you never had to think about encryption at all to run a secure S-Mart.

Then you could modify Barry's scripts and run a database list entries routine to get the cc data set. Alternatively run a web site manager like SiteMgr and edit your data file online, (i.e., delete the cc data set once read by you).

Well - that's how you do it all quickly and without pain but maybe not the answer you wanted ;-)

And I'm lookin forward to v2 with SSI (please Emperor). Bruce Davidson bruce@allied.demon.co.uk

-- Bruce Davidson (bruce@allied.demon.co.uk), January 10, 1998.


Bruce Davidson supplied the following in answer to Peter Foley -- However, Mr. Davidson, could you give details on how to do the things you mentioned? I've thought of the things you're suggesting, but because I am, like Mr. Foley, pretty new to Perl, I could sure use a few pointers.

I've tried this instead... I don't use Barry's mail to send the data to myself, instead just write the buyer's form data to a database file in a hidden directory (How?). (Put a full stop prior to the dir name (How?)). If you put an htaccess file in that dir (How?), you should keep most hackers out and you don't have to re-encrypt the form data with PGP which the secure server kindly decoded for you in the first place, meaning that you never had to think about encryption at all to run a secure S-Mart.

Then you could modify Barry's scripts and run a database list entries routine (How?) to get the cc data set. Alternatively run a web site manager like SiteMgr and edit your data file online, (i.e., delete the cc data set once read by you).

Thanks in advance for any details you can give, and thanks to the Emperor for the scripts and the forum. By the way, here's another dumb question from a guy who's learning just a ton of stuff this way -- What is SSI?

Bob Orr
borr@ourteam.com

-- Bob Orr (BobOrr@ourshoponline.com), January 10, 1998.


Hi Bob, Got your e-mail also. I'll save the BBS space and mail you with reply to your specific questions, but briefly - the scripts are so clear and readable by anyone once you have figured out what Barry is doing and why he did this and that (great bedtime reading), that modifying and adding other routines is a breeze.

His order tracking item is a good pointer to writing your own files where you can just copy it as another subroutine and provided you insert the math for the cart in that routine, you can write a pretty good file - anyway e-mail later. Bi BD

-- Bruce Davidson (bruce@allied.demon.co.uk), January 11, 1998.


This is a related issue - A temporary workaround to the smartadmin security problem. If you enable smarttrack - so you can write CC info to the track.db file (rename and hide the location) but also edit the smart.cgi script and change the value of if ($usetrack eq 1) { print "Track an Order\n"; to eq 0 - This prevents the link from being printed. This will permit you to exclude the CC info from the emails and run smarttrack to create the CC file which can be accessed via SSL.

-- denny ladwig (denny@desertcactus.com), January 17, 1998.

Hi, Also for a little more security you can put the cc information a couple of directories down and encrypt each directory with .htaccess so you will have to type in a password for every directory you go through. Seems a little overkill, but if someone has to go through that much trouble they might try somebody else that's easy.

Jim

-- James L. Farmer (jim@team-blankets.com), June 01, 1999.
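
An added example, not part of any post in this thread and not S-Mart's own code: one way to do what the original question asks, encrypting the order text to the merchant's public key before it is mailed, using GnuPG's gpg as the OpenPGP tool. The gpg and sendmail paths, the keyring directory, the key fingerprint placeholder and the addresses are assumptions.

```perl
#!/usr/bin/perl
# Added example: encrypt order text to the merchant's public key, then mail it.
# Paths, the key fingerprint and the addresses are placeholders (assumptions).
use strict;
use warnings;
use IPC::Open2;

my $GPG      = '/usr/bin/gpg';
my $HOMEDIR  = '/home/shop/.gnupg-orders';  # keyring outside the web root, public key only
my $KEY      = 'MERCHANT-KEY-FINGERPRINT';  # placeholder, not a real fingerprint
my $SENDMAIL = '/usr/sbin/sendmail';

# Returns ASCII-armored ciphertext or dies. Never falls back to plaintext.
sub encrypt_order {
    my ($plaintext) = @_;
    # Small inputs only, so writing everything before reading cannot deadlock.
    die "order text too large\n" if length($plaintext) > 32_768;
    local $SIG{PIPE} = 'IGNORE';            # gpg exiting early must not kill the CGI
    # List form: no shell is involved, so order fields cannot inject commands.
    # The keyring holds only the admin-imported merchant key, hence "always".
    my $pid = open2(my $out, my $in, $GPG, '--homedir', $HOMEDIR,
        '--batch', '--no-tty', '--trust-model', 'always',
        '--armor', '--encrypt', '--recipient', $KEY);
    print {$in} $plaintext;
    close $in;
    my $armored = do { local $/; <$out> };
    close $out;
    waitpid($pid, 0);
    die "gpg failed (exit " . ($? >> 8) . ")\n" if $? != 0;
    die "gpg produced no PGP message\n"
        unless defined $armored && $armored =~ /^-----BEGIN PGP MESSAGE-----/;
    return $armored;
}

sub mail_order {
    my ($to, $from, $order_id, $plaintext) = @_;
    die "bad order id\n" unless $order_id =~ /\A[\w-]+\z/;  # blocks header injection
    my $body = encrypt_order($plaintext);   # dies before anything is sent
    open(my $mail, '|-', $SENDMAIL, '-t', '-oi') or die "sendmail: $!\n";
    # Headers travel in the clear: order number only, no card data.
    print {$mail} "To: $to\nFrom: $from\nSubject: Order $order_id\n\n$body";
    close $mail or die "sendmail exited with status $?\n";
}

# Constructed sample order (test card number, not real data).
mail_order('orders@example.com', 'shop@example.com', '1001',
    "Name: Test Buyer\nCard: 4111 1111 1111 1111\n");
```

Only the public key needs to be on the web host; the private key stays on the machine where the order mail is read, so a compromise of the hosted account does not expose past orders.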


