Send emails securely via ASP

I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.

Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.

I know there are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).

My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light y'all can shed on this would be greatly
appreciated. Thanks in advance............

-=Tek Boy=-
Jul 19 '05 #1
I don't necessarily have answers to your questions, but FWIW, when we did
the website at my company (a bank), e-mailing sensitive data was something
that we discussed with our security department and the OCC, and we all
agreed that it should simply not be done. All of our form data is retrieved
via an https admin area on the server, and no customer data is ever e-mailed
anywhere. It was all just simply too insecure to consider e-mailing.

Ray at work
Jul 19 '05 #2
Believe me, I agree -- the more links in the chain, the more susceptible the
entire system is to being compromised. But I'm not making the business
decisions here, nor will I be held liable for any fallout stemming from
privacy violations. As such, all I can do is offer up informed
recommendations and do whatever they want done after-the-fact. It's this
scenario that I'm operating within.......... not ideal, just the way it has
to be.
-=Tek Boy=-
Jul 19 '05 #3
Ray is right, but if you want *something* emailed for notification purposes,
how about a link to a secure login page where the sensitive data can then be
accessed?
Jul 19 '05 #4
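
The design suggested in the two replies above (keep the form data behind an HTTPS login and e-mail only a notification link), as an added sketch that is not part of the original thread. It is written in Python rather than ASP; the in-memory store, URL and addresses are hypothetical, and the Luhn-based outbound check is an extra safeguard the posters did not mention.

```python
import re
import secrets
from email.message import EmailMessage

# Hypothetical stand-in for the server-side store behind the HTTPS admin area.
ORDERS = {}
ADMIN_URL = "https://shop.example/admin/orders/"  # assumed URL; login required

# 13-19 digits, optionally separated by single spaces or hyphens.
PAN_CANDIDATE = re.compile(r"(?:\d[ -]?){12,18}\d")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, as used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def contains_card_number(text: str) -> bool:
    """True if text holds a 13-19 digit run that passes the Luhn check."""
    for match in PAN_CANDIDATE.finditer(text):
        if luhn_ok(re.sub(r"\D", "", match.group())):
            return True
    return False


def store_order(form: dict) -> str:
    """Keep the submitted form server-side; return an unguessable reference."""
    ref = secrets.token_urlsafe(16)
    ORDERS[ref] = form
    return ref


def build_notification(ref: str, to_addr: str) -> EmailMessage:
    """Build a notification that carries only the reference link."""
    msg = EmailMessage()
    msg["To"] = to_addr
    msg["From"] = "orders@shop.example"     # constructed sample address
    msg["Subject"] = "New order received"
    msg.set_content(
        f"A new order is waiting. Sign in to view it:\n{ADMIN_URL}{ref}\n"
    )
    # Outbound guard: refuse to send if card data leaked into the message.
    if contains_card_number(msg["Subject"] + "\n" + msg.get_content()):
        raise ValueError("card number found in outbound mail")
    return msg
```

The same guard can run over any outbound message body, so a later template change that interpolates form fields into the mail fails loudly instead of leaking a card number.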
On 21 Nov 2003 06:59:16 -0800, ve**********@hotmail.com (Saiyan Vejita) wrote:
> I've been working with ASP for 6+ years now, but in that time I've
> never had any solid advice on how to build a secure system. So I
> thought I'd ask here first.
>
> Anyway, here's the situation: I have a client who wants to take credit
> card information via ASP form (https) and then send the resulting
> content (which may be either HTML- or text-formatted) to their email
> account, which they access using Outlook (2000, I believe). I want to
> build the system to make it as secure as is reasonably possible; at
> the same time, they want to make it easy to read / retrieve their
> signed/encrypted messages.
>
> I know there are a lot of components out on the market that permit
> programmatic encryption of data, but I don't know enough about what I
> need to make an informed buying decision. I've heard that encrypting
> the email content and then signing the entire message is the proper
> thing to do, but how do I actually do that via code? And I definitely
> don't understand how the message is handled once it reaches Outlook
> (via POP, IMAP or Exchange -- they haven't decided on which yet).
>
> My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
> such -- how do I put all these things together into an effective
> solution? Any light y'all can shed on this would be greatly
> appreciated. Thanks in advance............

Best bet (besides being a bit smarter and not doing it at all) might
be to look at PGP encryption components and add-ins. It's likely the
easiest to deal with on the receiving end.

Jeff
Jul 19 '05 #5

"Tek Boy" <ve****************@hotmail.com> wrote in message
news:uv**************@TK2MSFTNGP11.phx.gbl...
> Believe me, I agree -- the more links in the chain, the more susceptible the
> entire system is to being compromised. But I'm not making the business
> decisions here, nor will I be held liable for any fallout stemming from
> privacy violations.

Call me overly-paranoid, but don't count on that.

> As such, all I can do is offer up informed
> recommendations and do whatever they want done after-the-fact. It's this
> scenario that I'm operating within.......... not ideal, just the way it has
> to be.

Recommendations that you can be held liable for, even if you didn't make
them - i.e. sending private information via the least secure route possible.
Blue Cross Blue Shield here in KC needed a fall guy for a project one of the
managers caused to fail, and a good friend of mine got the axe.

CYA, tek boy.

- Wm
Jul 19 '05 #6
