Sending Secure Email - How?

How to do this...

         

Nick_W

10:39 am on Oct 11, 2003 (gmt 0)

Hi all,

I need to collect CC details and have a script send them via email for processing by hand. Not ideal I know, but that's what I need to do.

So, if the form/script is on a secure server, how can I send mail securely?

(I know how to send the mail, just not the 'wherewithal' of sending it securely.)

Thanks for any help/advice..

Nick

percentages

10:45 am on Oct 11, 2003 (gmt 0)

Nick,

It is a good question, but I don't think you can easily do it.

For email to be secure you would have to encrypt it, and then de-encrypt it on the receiving end to see the contents... A lot of hassle.

I would either use SSL or, if you want to keep it simple, write the info to an SQL database instead of using email.

There are some implications with the SQL database, but much easier to overcome than the email issue IMHO.

Nick_W

10:49 am on Oct 11, 2003 (gmt 0)

>SQL

Yeah, that's kinda the way I was thinking too. So what are the implications?

Cheers

Nick

storevalley

11:32 am on Oct 11, 2003 (gmt 0)

> So, if the form/script is on a secure server, how can I send mail securely

Easiest way is probably to take credit card details over SSL and store them on a secure server. When an order is taken, generate an email telling you that there is a new order.

Then just log into the secure server and pick up the details for processing. We have a couple of clients that do this ... not as clean as a payment gateway, but it works OK.

You might want to download commerce.cgi and look at the source ... this'll give you some ideas for implementing this system.

lorax

1:00 pm on Oct 11, 2003 (gmt 0)

What you need is to use PGP [pgpi.org] but it does require configuring PGP within the email client. Then you'll have a reasonably secure email exchange.

DrDoc

8:50 pm on Oct 13, 2003 (gmt 0)

> So, if the form/script is on a secure server, how can I send mail securely?

And, just to set things straight - a script on a secure server has nothing to do with mail.
https<>smtp :)

Still, I like storevalley's idea...

killroy

8:56 pm on Oct 13, 2003 (gmt 0)

As a cheapo solution you could use a simple cypher, i.e. symmetric encryption, and split the CC info into several bits and send it separately.

SN

Nick_W

9:10 pm on Oct 13, 2003 (gmt 0)

Thanks guys.

So, if I stored them on MySQL via a secure server? Or as a text file on a secure server or what...?

Cheers

Nick

lorax

1:13 am on Oct 14, 2003 (gmt 0)

Keep the info in MySQL and encrypt the important pieces. Use SSL to wrap up the Admin pages. If the users are on a dedicated IP use IP authentication security. That should make the data about as protected as you can get it.

storevalley

7:39 am on Oct 14, 2003 (gmt 0)

> So, if I stored them on MySQL via a secure server? Or as a text file on a secure server or what...?

Download that commerce.cgi source, Nick. Card numbers are actually split ... half is stored on a secure server (in a text file by default), and the other half is mailed to you.

I have changed the way this works for client sites, but it will give you a good starting point (and save you some development time ... commerce.cgi is open source and freely modifiable)

Nick_W

7:54 am on Oct 14, 2003 (gmt 0)

Ok, I'll do that, thanks StoreValley.

Q. I need to keep the prd's in a db of my own design. What I'd like to do is to just allow customers to 'buy' without having to use some pre-built store catalog scripts...

Could I interface with commerce.cgi only for that purpose do you think?

Lorax

So as long as the scripts were on the secure server and the cc no-s encrypted that'd be about it?

Many thanks everyone, much appreciated..

Nick

storevalley

9:31 am on Oct 14, 2003 (gmt 0)

> Q. I need to keep the prd's in a db of my own design. What I'd like to do is to just allow customers to 'buy' without having to use some pre-built store catalog scripts...

Shouldn't be too tricky ... commerce.cgi uses a text database driver stored in its own file. Somebody has already modified this to use MySQL on the back end (I think that the source is available for this too ... look around on the commerce.cgi site)

Just hack the relevant parts out of these scripts and use them.

lorax

7:09 pm on Oct 14, 2003 (gmt 0)

Pretty much, Nick, though I'd also encrypt the visitors' personal info - just in case you did have a breach.

Basic philosophy is do what you can to secure the data, the process of viewing, adding, editing and deleting data.

jamesa

11:05 am on Oct 15, 2003 (gmt 0)

I'm a bit late to this thread but... :)

The safest thing to do is NOT store the data on a web server. Just push that card info along .... SSL to encrypt the data in transit, then use GnuPG or PGP to encrypt it with the public key, and then send the encrypted data via email which the client can decrypt using their private key. Never store or the private key on the web server. Use PHP's proc_open function to shell out to the GnuPG or PGP command line utilities - backticks, shell_exec, etc expose the data to the shell.

Remember web servers by their very nature are insecure... assume it's been rooted.

There is one instance where I did store the CC info in a mysql db, however. The basic concept is SSL in transit, encryption in storage. It defeats the purpose using an SSL connection only to store the data in plain view. That's like having an armoured car deliver a bag of money to your office and leave it on the counter, right? ;)

What I did is two-way encrypt the data using mysql's encode function. The encode function needs a passphrase, BUT you don't want to store the passphrase on the server (read: in your script) because that will be visible to other users/hackers. So what I did is used PHP's mt_rand() function to create a random passphrase with each transaction. The credit card data is encrypted using the random phrase and stored in the database, then the random passphrase is disguised and sent to the client via email - never stored on the server. To retrieve the cc info the client logs in to an SSL secured admin I created where they can enter the phrase, the script uses the phrase to decode the data and displays it in the browser.

There was a great discussion about this here [webmasterworld.com] as well.
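
The GnuPG hand-off described in jamesa's post, as an added example that is not code from the thread: the plaintext is piped to `gpg` on stdin through `proc_open`, so it never appears on a command line or passes through a shell. It assumes PHP 7.4+ (array form of `proc_open`), an installed `gpg`, and a keyring directory holding only the recipient's public key; the address `orders@example.com` and the path `/var/lib/shop/gnupg` are placeholders.

```php
<?php
// Added example: encrypt order details to the merchant's public key with GnuPG.
// Assumptions: gpg is installed; $gnupgHome is a keyring directory that holds ONLY
// the recipient's public key (the private key never touches the web server).

function gpg_encrypt_for(string $plaintext, string $recipient, string $gnupgHome): string
{
    // Array form (PHP >= 7.4) executes gpg directly: no shell parses the command.
    $cmd = [
        'gpg', '--homedir', $gnupgHome, '--batch', '--no-tty', '--armor',
        '--trust-model', 'always',   // key was imported by hand; do not consult the trust db
        '--encrypt', '--recipient', $recipient,
    ];
    $spec = [
        0 => ['pipe', 'r'],   // plaintext goes in on stdin, never on the command line
        1 => ['pipe', 'w'],   // ASCII-armored ciphertext comes back here
        2 => ['pipe', 'w'],   // gpg diagnostics
    ];
    $pipes = [];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start gpg');
    }
    fwrite($pipes[0], $plaintext);           // order records are small; no pipe back-pressure
    fclose($pipes[0]);                       // EOF tells gpg the message is complete
    $cipher = stream_get_contents($pipes[1]);
    $errors = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    $status = proc_close($proc);

    // Fail closed: on any error nothing is returned, so plaintext is never mailed instead.
    if ($status !== 0 || strpos($cipher, '-----BEGIN PGP MESSAGE-----') !== 0) {
        throw new RuntimeException('gpg failed: ' . trim($errors));
    }
    return $cipher;
}

// Constructed sample order (test card number); address and path are placeholders.
$order = "Order 1001\nName: Test Customer\nCard: 4111 1111 1111 1111 exp 01/30\n";
$body  = gpg_encrypt_for($order, 'orders@example.com', '/var/lib/shop/gnupg');
mail('orders@example.com', 'New order 1001', $body);   // subject carries no card data
```

Passing the key's full fingerprint as the recipient instead of an e-mail address avoids encrypting to a different key that happens to carry the same user ID.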
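
The per-transaction passphrase scheme from jamesa's post, as an added example that is not the poster's code: it swaps in `random_bytes()` and libsodium's secretbox for the `mt_rand()` passphrase and MySQL `encode` function the post describes. It assumes PHP 7.2+ with the sodium extension; the function names `seal_card` and `open_card` are hypothetical, and how the phrase reaches the client is left out.

```php
<?php
// Added example. Assumes PHP >= 7.2 with the bundled sodium extension.
// mt_rand() is not a cryptographically secure generator, so the per-transaction
// secret here comes from random_bytes() instead.

const NONCE_LEN = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
const KEY_LEN   = SODIUM_CRYPTO_SECRETBOX_KEYBYTES;

// Returns the value to store in the database row and the phrase to hand to the client.
function seal_card(string $cardData): array
{
    $key   = random_bytes(KEY_LEN);      // fresh key for this transaction only
    $nonce = random_bytes(NONCE_LEN);
    $box   = sodium_crypto_secretbox($cardData, $nonce, $key);  // encrypts and authenticates
    $out = [
        'stored' => base64_encode($nonce . $box),   // safe to keep on the server
        'phrase' => bin2hex($key),                  // leaves the server, never stored
    ];
    sodium_memzero($key);                // wipe the raw key from this process
    return $out;
}

// Returns the card data, or null when the phrase is wrong or the row was altered.
function open_card(string $stored, string $phrase): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) <= NONCE_LEN
        || strlen($phrase) !== 2 * KEY_LEN || !ctype_xdigit($phrase)) {
        return null;                     // malformed input: reject before decrypting
    }
    $plain = sodium_crypto_secretbox_open(
        substr($raw, NONCE_LEN),         // ciphertext + authentication tag
        substr($raw, 0, NONCE_LEN),      // nonce stored in front of it
        hex2bin($phrase)
    );
    return $plain === false ? null : $plain;
}

// Constructed sample data (test card number).
$sealed = seal_card('4111 1111 1111 1111 exp 01/30');
var_dump(open_card($sealed['stored'], $sealed['phrase']));           // correct phrase
var_dump(open_card($sealed['stored'], str_repeat('0', 2 * KEY_LEN))); // wrong phrase
```

Because secretbox authenticates the ciphertext, a wrong phrase or a modified database row is rejected outright instead of decoding to garbage.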