I agree with Mike Salim on all the points he has raised, and I am requesting
that the Perl wizards at OpenSRS address Mike's last point immediately:
At 10:45 PM 6/6/00 -0400, A. M. Salim wrote:
>6. Notification emails must *NEVER* carry credit card numbers in
>plaintext as they currently do. Notification emails must always be
>encrypted. PGP is probably the easiest choice (gpg) but any secure
>encryption will work for me as long as I am provided with a mechanism to
>readily decrypt the email.
Considering that our websites are already using encryption, how difficult would
it be to encrypt the CC numbers? Also, how would we decrypt them at our end?
I expect that PGP is superior to Blowfish and the other encryption Perl modules
we use, but it certainly would be better than plain text.
How about an immediate fix on that?
- Mike
Have a great day!
- Michael Allen Gelman
-------------------------------------------------
Get the domain: YourName.ontheInter.net for FREE
Get the domain: YourName.com only $30
http://ontheInter.net
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:36 EDT