Immediate fix to point #6 (provided that you have payment gateway and data
capture upfront)
1) Open message.txt from the client code in the templates/reg_system folder
2) Delete the following from the bottom of message.txt:
----------------------------------------------------------------------
Payment Information:
----------------------------------------------------------------------
Card Type: {{cc_type}}
Card #: {{cc_num}}
Exp Date: {{cc_exp_mon}}/{{cc_exp_yr}}
Or alternatively you can choose not to have this e-mail sent when orders are
made by switching this option off from Opensrs.conf file
Does this make me a wizard? ;)
Hope this helps
James
-----Original Message-----
From: owner-dev-list@opensrs.org [mailto:owner-dev-list@opensrs.org]On
Behalf Of Michael Allen Gelman
Sent: Tuesday, June 06, 2000 11:58 PM
To: dev-list@opensrs.org
Subject: Re: OpenSRS Redesign
I agree with Mike Salim on all the points he has raised, and I am requesting
that the Perl wizards at OpenSRS address Mike's last point immediately:
At 10:45 PM 6/6/00 -0400, A. M. Salim wrote:
>6. Notification emails must *NEVER* carry credit card numbers in
>plaintext as they currently do. Notification emails must always be
>encrypted. PGP is probably the easiest choice (gpg) but any secure
>encryption will work for me as long as I am provided with a mechanism to
>readily decrypt the email.
Considering that our websites are already using encryption, how difficult
would
it be to encrypt the CC numbers? Also, how would we decrypt them at our
end?
I expect that PGP is superior to Blowfish and the other encryption Perl
modules
we use, but it certainly would be better than plain text.
How about an immediate fix on that?
- Mike
Have a great day!
- Michael Allen Gelman
-------------------------------------------------
Get the domain: YourName.ontheInter.net for FREE
Get the domain: YourName.com only $30
http://ontheInter.net
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:36 EDT