[ale] cURL/https security question
- Subject: [ale] cURL/https security question
- From: jenn at colormaria.com (jenn at colormaria.com)
- Date: Thu, 1 Aug 2002 19:20:08 -0400 (EDT)
Evaluation of common credit card gateway method needed by those much more
knowledgeable about security than myself.
Scenario:
I use CreditCynic (fake company, obviously) to process credit card
transactions from my shopping cart. CreditCynic provides me with a php class
that basically urlencodes all the pertinent credit card info, and uses
cURL to send post data over https. There is no other validation of sender/recipient,
there isn't any encryption of credit card data using, say, gpg. Just
posting the form over https.
My gut reaction is that this is *bad* but I know it's very commonplace and
probably the most used method of processing credit cards for smaller
merchants.
I know I'm paranoid but I want someone to assist with either why this is
as bad as I think it is, or why lots of people seem to think it's OK.
Thanks
jenn
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
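
The post describes a PHP class that urlencodes the card fields and POSTs them with cURL over https. As an added example (not CreditCynic's class and not code from the post), the function below shows where recipient validation sits in that scheme: in cURL's certificate checks, which must stay enabled. The gateway URL, field names and card number are constructed placeholders.

```php
<?php
// Added example: hypothetical gateway URL and field names, constructed test data.

function post_to_gateway(string $url, array $fields): string
{
    // Refuse anything but https so card data is never sent in cleartext.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        throw new InvalidArgumentException('gateway URL must use https');
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_POSTFIELDS     => http_build_query($fields), // urlencoded form body
        CURLOPT_RETURNTRANSFER => true,
        // Recipient validation: the server certificate must chain to a trusted CA
        CURLOPT_SSL_VERIFYPEER => true,
        // and must be issued for the host name in $url.
        CURLOPT_SSL_VERIFYHOST => 2,
        // Weak variant to look for in a vendor class: VERIFYPEER => false or
        // VERIFYHOST => 0. The traffic is still encrypted, but to whoever answers.
        // Do not re-send the card data to a redirect target.
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_CONNECTTIMEOUT => 10,
        CURLOPT_TIMEOUT        => 30,
    ]);

    $body = curl_exec($ch);
    if ($body === false) {
        // Fail closed; report the transport error only, never the card fields.
        throw new RuntimeException('gateway request failed: ' . curl_error($ch));
    }
    return $body;
}

// Constructed sample input (test card number, not real data).
$fields = ['card_number' => '4111111111111111', 'exp' => '12/30', 'amount' => '19.99'];
try {
    echo post_to_gateway('https://gateway.example/charge', $fields), "\n";
} catch (Exception $e) {
    fwrite(STDERR, $e->getMessage() . "\n");
}
```

With the placeholder host the request fails and the function throws, which is the intended behaviour whenever the connection or the certificate check does not succeed.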