Reasonable security

[Russ Schnapp]

~sdpm~
On 3 Apr 00, at 10:22, Joel Fentin wrote:

> >Well, if you aren't using a secure http server to retrieve the
> credit 
> >card number.......
> 
> And if I am?

Well, then, it makes sense to encrypt your data...

> =========================
> >Otherwise, you might consider using PGP to encrypt the number 
> >with the owner's public key.
> 
> I am not sure I understand what you are saying. Perhaps one of
> the following:
> 
> 1. The site sends an encrypted email attachment to the owner of
> the site (who knows nothing about computers). She has a windows
> decryption program which can open the attachment without her
> having to learn a lot of things.
> 
> 2. The encrypted credit card number is in the body of the email.
> PGP is a standard encryption of email, and her Netscape/IE/eudora
> email program will handle the details.
> 
> 3. The encrypted credit card number is appended onto the end of a
> file sitting on the server, and a Windoz/DOS based perl program
> must be written to read the file.

Yes, any of the above should work.  Instead of trying to spawn pgp 
(which was my first thought), you might want to look at CPAN 
resources for encryption.  See, for instance, 
http://www.cpan.org/modules/00modlist.long.html#14)Authenticati

...Russ
~sdpm~

The posting address is: san-diego-pm-list at hfb.pm.org

List requests should be sent to: majordomo at hfb.pm.org

If you ever want to remove yourself from this mailing list,
you can send mail to <majordomo at happyfunball.pm.org> with the following
command in the body of your email message:

    unsubscribe san-diego-pm-list

If you ever need to get in contact with the owner of the list,
(if you have trouble unsubscribing, or have questions about the
list itself) send email to <owner-san-diego-pm-list at happyfunball.pm.org> .
This is the general rule for most mailing lists when you need
to contact a human.