I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.
Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.
I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).
My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............
-=Tek Boy=-
5  1861 
I don't necessarily have answers to your questions, but FWIW, when we did
the website at my company (a bank), e-mailing sensitive data was something
that we discussed with our security department and the OCC, and we all
agreed that it should simply not be done. All of our form data is retrieved
via an https admin area on the server, and no customer data is ever e-mailed
anywhere. It was all just simply to insecure to consider e-mailing.
Ray at work
"Saiyan Vejita" <ve**********@hotmail.com> wrote in message
news:e7**************************@posting.google.c om... I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.
Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.
I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).
My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............
-=Tek Boy=-
Believe me, I agree -- the more links in the chain, the more susceptible the
entire system is to being compromised. But I'm not making the business
decisions here, nor will I be held liable for any fallout stemming from
privacy violations. As such, all I can do is offer up informed
recommendations and do whatever they want done after-the-fact. It's this
scenario that I'm operating within.......... not ideal, just the way it has
to be.
-=Tek Boy=-
"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:uz****************@TK2MSFTNGP11.phx.gbl... I don't necessarily have answers to your questions, but FWIW, when we did
the website at my company (a bank), e-mailing sensitive data was something
that we discussed with our security department and the OCC, and we all
agreed that it should simply not be done. All of our form data is
retrieved via an https admin area on the server, and no customer data is ever
e-mailed anywhere. It was all just simply to insecure to consider e-mailing.
Ray at work
"Saiyan Vejita" <ve**********@hotmail.com> wrote in message
news:e7**************************@posting.google.c om... I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.
Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.
I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).
My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............
-=Tek Boy=-
Ray is right, but if you want *something* emailed for notification purposes,
how about a link to a secure login page where the sensitive data can then be
accessed ?
"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:uz****************@TK2MSFTNGP11.phx.gbl... I don't necessarily have answers to your questions, but FWIW, when we did
the website at my company (a bank), e-mailing sensitive data was something
that we discussed with our security department and the OCC, and we all
agreed that it should simply not be done. All of our form data is
retrieved via an https admin area on the server, and no customer data is ever
e-mailed anywhere. It was all just simply to insecure to consider e-mailing.
Ray at work
"Saiyan Vejita" <ve**********@hotmail.com> wrote in message
news:e7**************************@posting.google.c om... I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.
Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.
I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).
My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............
-=Tek Boy=-
On 21 Nov 2003 06:59:16 -0800, ve**********@hotmail.com (Saiyan
Vejita) wrote: I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.
Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.
I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).
My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............
Best bet (besides being a bit smarter and not doing it at all) might
be to look at PGP encryption components and add-ins. It's likely the
easiest to deal with on the receiving end.
Jeff
"Tek Boy" <ve****************@hotmail.com> wrote in message
news:uv**************@TK2MSFTNGP11.phx.gbl... Believe me, I agree -- the more links in the chain, the more susceptible
the entire system is to being compromised. But I'm not making the business
decisions here, nor will I be held liable for any fallout stemming from
privacy violations.
Call me overly-paranoid, but don't count on that.
As such, all I can do is offer up informed
recommendations and do whatever they want done after-the-fact. It's this
scenario that I'm operating within.......... not ideal, just the way it
has to be.
Recommendations that you can be held liable for, even if you didn't make
them - i.e. sending private information via the least secure route possible.
Blue Cross Blue Shield here in KC needed a fall guy for a project one of the
managers caused to fail, and a good friend of mine got the axe.
CYA, tek boy.
- Wm This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Thom McGrath |
last post by:
I'm writing a simple mailing list program, and I would like to know
what the suggested method of sending a large number of emails to a list
of addresses. (sounds like spam, no?)
It's perfectly...
|
by: ian |
last post by:
Hi,
I'm a newbie (oh no I can here you say.... another one...)
How can I get Python to send emails using the default windows email
client (eg outlook express)?
I thought I could just do the...
|
by: Nathan Sokalski |
last post by:
I have an ASP.NET page that sends a Mail.MailMessage to several email
addresses (all mine). However, one of the addresses, the one ending in
@verizon.net, does not seem to be recieving the message...
|
by: Adam Honek |
last post by:
Okay.
This is a little strange but here goes.
I wanted to send emails and hence wrote the first sub below. It worked
however it would NOT send the email UNLESS I closed the application (hence...
|
by: Daniel Di Vita |
last post by:
I have three separate applications setup on an IIS server. Let’s call them
AppA, AppB, and AppC. On AppA (the Default application) the user is presented
with a login window. The login information...
|
by: =?Utf-8?B?dHBhcmtzNjk=?= |
last post by:
I have a web page that at the click of a button must send a bunch (1000+)
emails. Each email is sent individually. I have the code working fine,
using Mail Message classes and smtp and all that. ...
|
by: =?Utf-8?B?UmljaA==?= |
last post by:
Hello,
My company will be hosting a webcast, and I need to send out 2000 individual
emails to people who signed up (for login information...). I created an smtp
app that I can loop through...
|
by: Mike |
last post by:
I have a page with a textbox that a user can enter in mutliple email addresses such as:
user1@yahoo.com;user2@yahoo.com;user3@gmail.com;
and so on, I then have a foreach loop to get all of the...
|
by: pat |
last post by:
Hi,
i'am using an ac2K progrom which sends automaticle emails with an
attachment.
Since last week , a error occurs with number 2293. Our mail program is
Outlook 2003.
It's probably a matter...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
