Re: E-Commerce

by "Darrell King" <darrell(at)webctr.com>

 Date:  Tue, 1 Feb 2000 05:54:51 -0500
 To:  <hwg-basics(at)hwg.org>
 References:  meridianpc
  todo: View Thread, Original
Just collect the data using a regular CGI form handler over a secure
connection, and write an invoice to disk.  Then provide the client with
a way to securely access that invoice.  I've done this quite often for
various clients as a simple way to handle sensitive info.

Be sure to erase the invoices after retrieval.  If you don't encrypt
them at all...or even if you do...the weakest links in the security
chain using SSL lies not in the transmission, but in the physical access
at the client and server ends.  You aren't responsible for the client
end, but its your duty to manage the server end as best you can.

Darrell

----- Original Message -----

> OK.. I think I may have a need for an e-commerce site.  It would only
need
> to accept credit cards, and then not in a live, unsupervised way.  The
owner
> could simply enter the credit card numbers, or something, into one of
the
> little desk machines at first.  Any ideas?  What have you guys seen
(used)
> that really works and is very economical in price?
>
> Thanx - Jerry McCutchen

HTML: hwg-basics mailing list archives, maintained by Webmasters @ IWA