Security Suggestions?

greenspun.com : LUSENET : S-Mart Shopping Cart : One Thread

I'm looking for any suggestions anyone might have regarding security for S-mart. The script emails all orders, and even if the order is placed from a secure server, email is not secure.

A better solution would be to have a two-part ordering process, where the initial information (name, address, etc.) is emailed, notifying the merchant of the order, and the second part of the form would write to a text file database (pipe delimited) and would contain sensitive info. This info could be accessed using a database program through the net. The directory containing the info would be password protected. This isn't perfect, but it's better than email. Unfortunately this won't work because the script doesn't support the "redirect" hidden tag.

Any suggestions for securing info would be appreciated.

Thanks

-- Chris Staniar (chris@virxpress.com), August 10, 1998

Answers

The other thing you can do is, in the code for the credit card number field, include the following: exclude="1". When this value is set to 1, the script does not send the field in the email.

input name="cardnumber" size="20" exclude="1" (<> were left off each end to be able to display properly)

-- Kevin (keving@businesswebworks.com), August 02, 1999.
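Added example, not part of the original thread and not S-Mart code: a minimal Python sketch of the split described in the question and in the answer above, where excluded fields stay out of the notification email and go to a pipe-delimited file instead. All field names except "cardnumber", the column order, and the file name are assumptions; the sample order is constructed.

```python
import os
import tempfile

# Hypothetical field names; the thread only names "cardnumber".
SENSITIVE = {"cardnumber", "expiry"}
COLUMNS = ["order_id", "cardnumber", "expiry"]


def clean(value):
    """Neutralise characters that would break a pipe-delimited record."""
    value = value.replace("\\", "\\\\").replace("|", "\\|")
    return value.replace("\r", " ").replace("\n", " ")


def split_order(form):
    """Return (fields safe to email, fields kept on the server)."""
    public = {k: v for k, v in form.items() if k not in SENSITIVE}
    private = {k: v for k, v in form.items() if k in SENSITIVE or k == "order_id"}
    return public, private


def email_body(public):
    """One line per field; sensitive fields never reach this function."""
    return "\n".join(f"{k}: {' '.join(v.split())}" for k, v in sorted(public.items()))


def append_record(path, private):
    """Append one record, creating the file with owner-only permissions."""
    line = "|".join(clean(private.get(c, "")) for c in COLUMNS) + "\n"
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)
    with os.fdopen(fd, "a") as fh:
        fh.write(line)
    return line


def demo():
    # Constructed sample order; the expiry value carries a stray "|" and newline.
    form = {"order_id": "1001", "name": "A. Buyer", "address": "1 Main St",
            "cardnumber": "4111111111111111", "expiry": "12/99|x\ninjected"}
    public, private = split_order(form)
    path = os.path.join(tempfile.mkdtemp(), "orders.txt")
    record = append_record(path, private)
    return email_body(public), record, path


if __name__ == "__main__":
    body, record, _ = demo()
    print(body)
    print(record, end="")
```

The escaping in clean() matters because a submitted value containing "|" or a newline would otherwise add columns or forge an extra record in the file.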


I'm in the process of implementing PGPMail from Matt's Script Archive. It PGP-encrypts the email before sending it. That's a solution... just haven't gotten it to work yet.

-Jon

-- Jonathan Wheat (jwheat@proweb.nu), May 23, 2000.

