> For every registration on the live server, I receive an Email confirming
> the registration (in addition to the customized Messages to the
> reseller and customer), which includes the credit card number in plain. I
> am quite suspicious about this, as we are taking lots of effort to transmit
> the data securely between Customer, Reseller-Server and SRS-Server (SSL,
> DES / Blowfish), while unencrypted Email travels highly insecure. Is there
> any way to disable the CC being sent in this confirmation Email and the CC#
> maybe displayed at a secure location (on the resellers Quickstart screen or
> being dumped into an encrypted file from the reg_system.cgi)?
I guess you're very much right... when I first tried the system and got back my
own credit-card number in a plain mail (going through 22 hops in fact...), I
thought I was going to zapulniclate OpenSRS :-)
Personally I just removed the credit-card form&check from the registration
page, and placed it on the "thank you" page. (We're running manual check on
each domains anyway.)
On the other hand, you can just remove this part from the CGI I guess.
- Cs.
This archive was generated by hypermail 2.1.3 : Tue Oct 19 2004 - 23:35:32 EDT