Security Questions

Posts: 12
Joined: 08/12/2007

Hi Folks!

I am a freelance web designer who has built a lot of info sites with Drupal, but I am taking the plunge into my first e-commerce site and am going to use Ubercart. I've been lurking around here for about a year, and this community is fantastic.

I'm looking for some help - I am new to e-commerce security issues. My client does not want to use automatic on-line credit card authorization. She prefers to collect order information over a Secure Sockets Layer (SSL)-protected HTML form and receive credit card numbers via E-mail for manual processing. Naturally, they want the E-mail messages to be encrypted.

Can anyone give me advice on how to achieve this using ubercart/drupal? I know I can encrypt the web pages with a security certificate, but how do I encrypt the email?

Thanks for your help!

Fred

Posts: 950
Joined: 08/14/2007
Bug Finder | Early adopter... addicted to alphas. | Getting busy with the Ubercode.

Well, you can use something like a PGP key to encrypt your emails... I don't have any experience with that, though. Your best bet is to just not have ANYTHING get emailed. Let Ubercart encrypt the cards, and email your client when orders come in. She'll have to log in to process the payments anyway.

I would never email sensitive information like that anyway, regardless of whether or not it's encrypted.

--

"Pain don't hurt." - Dalton

Mike Nelson's RiffTrax! www.rifftrax.com

Posts: 3744
Joined: 08/07/2007
Administrator | Head Code Monkey - I eat bugs.

Agreed w/ tP. At most, I've heard of other systems encrypting partial numbers in the site and e-mailing like the missing middle 4 digits or something to the store owner. Then you're safe if the site gets hacked and safe if someone gets the e-mail... but screwed if someone gets them both. ;)

This isn't a core feature of Ubercart, nor would I suspect it's easy to implement. Not impossible, but not super simple either.
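
The split scheme described in the last reply, as an added example that is not part of the original thread or of Ubercart: it keeps a masked number for the site and the middle four digits for the e-mail, then counts how many Luhn-valid numbers fit the site-stored part alone. The function names and the sample number (a widely published test card value) are assumptions made for this illustration.

```python
# Added illustration; not Ubercart code. TEST_PAN is a published test number.
TEST_PAN = "4111111111111111"
MASK = "*"


def luhn_valid(pan: str) -> bool:
    """Standard Luhn check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def split_pan(pan: str, start: int = 6, length: int = 4):
    """Return (site_part, email_part); digits 7-10 go to the e-mail by default."""
    if not pan.isdigit() or not luhn_valid(pan):
        raise ValueError("not a valid card number")
    if start + length > len(pan):
        raise ValueError("split window falls outside the number")
    site_part = pan[:start] + MASK * length + pan[start + length:]
    return site_part, pan[start:start + length]


def join_pan(site_part: str, email_part: str) -> str:
    """Recombine both parts; reject anything that fails the Luhn check."""
    gap = site_part.count(MASK)
    if gap != len(email_part) or not email_part.isdigit():
        raise ValueError("parts do not fit together")
    pan = site_part.replace(MASK * gap, email_part, 1)
    if not luhn_valid(pan):
        raise ValueError("recombined number fails Luhn check")
    return pan


def candidates_left(site_part: str) -> int:
    """How many values of the missing digits still pass Luhn."""
    gap = site_part.count(MASK)
    return sum(
        luhn_valid(site_part.replace(MASK * gap, f"{guess:0{gap}d}", 1))
        for guess in range(10 ** gap)
    )


if __name__ == "__main__":
    site, mail = split_pan(TEST_PAN)
    print(site, mail, candidates_left(site))
```

For the sample number the count is 1,000 rather than 10,000, because the Luhn check digit rules out nine of every ten guesses, so the site-stored part still needs to be encrypted and handled as card data.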