Re: aes--any way to encrypt a hex encoded string in CF?

2010-03-17 Thread megan cytron

Hi Mark and Denstar--
Thanks so much for your help! I finally figured it out... In the end, it was 
just a matter of getting the padded string into the encrypt function in a way 
that would give identical results. I'm still not entirely sure why this works 
(and why I didn't try it before...), but it does:










Incidentally, this padding method is number three here:

http://www.di-mgt.com.au/cryptopad.html (a great explanation of all of the 
different padding methods)

Thanks again! 

~|
Want to reach the ColdFusion community with something they want? Let them know 
on the House of Fusion mailing lists
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331807
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
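The padding scheme this thread settles on (zero fill, with the final byte holding the pad count; method 3 on the di-mgt page, often called ANSI X.923), as an added example that is not code from the original posts. The function names are hypothetical; the sample string and the two ciphertexts are the ones quoted in the thread, and the strict zero check on unpadding is an assumption beyond what BBj support describes.

```python
# Added example: zero-fill padding whose last byte is the pad length,
# applied BEFORE a cipher that is run in a NoPadding mode.
BLOCK = 16  # AES block size in bytes

# Values quoted in the thread.
CARD = b"1234567891234567"
MINE_HEX = "1DF20DDA4A5C45DCD2BCDB191D08559C"
THEIRS_HEX = ("1DF20DDA4A5C45DCD2BCDB191D08559C"
              "C3BF026C725CBB1C366ADEC4867917AA")


def pad_zero_len(data: bytes, block: int = BLOCK) -> bytes:
    """Pad to a block boundary with zeros; the last byte is the pad count.

    Input that is already block-aligned still gets a full extra block,
    which is why a 16-byte card number becomes 32 bytes of plaintext.
    """
    n = block - (len(data) % block)          # always 1..block
    return data + b"\x00" * (n - 1) + bytes([n])


def unpad_zero_len(padded: bytes, block: int = BLOCK,
                   strict: bool = True) -> bytes:
    """Strip the padding, rejecting anything malformed.

    strict=True also requires the filler bytes to be zero (an assumption;
    the thread only says the last byte must hold the pad count).
    """
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block:
        raise ValueError("pad count byte out of range")
    if strict and any(padded[-n:-1]):
        raise ValueError("non-zero filler bytes")
    return padded[:-n]


def shared_prefix_blocks(hex_a: str, hex_b: str, block: int = BLOCK) -> int:
    """Count leading ciphertext blocks that two results have in common.

    With the same key, IV and chaining mode, identical leading plaintext
    blocks give identical leading ciphertext blocks, so a shared prefix
    followed by extra blocks points at padding, not at the key or IV.
    """
    a, b = bytes.fromhex(hex_a), bytes.fromhex(hex_b)
    count = 0
    for i in range(0, min(len(a), len(b)) - block + 1, block):
        if a[i:i + block] != b[i:i + block]:
            break
        count += 1
    return count


if __name__ == "__main__":
    padded = pad_zero_len(CARD)
    print("padded plaintext:", padded.hex())
    print("padded length   :", len(padded), "bytes")
    print("matching blocks :", shared_prefix_blocks(MINE_HEX, THEIRS_HEX))
    print("round trip ok   :", unpad_zero_len(padded) == CARD)
```

The padded bytes, not the original string, are what has to reach the NoPadding cipher; the one matching block between the two quoted results is consistent with the key, IV and mode already agreeing.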


Re: aes--any way to encrypt a hex encoded string in CF?

2010-03-15 Thread megan cytron

Hey Mark--
Thanks for the response. My understanding is that they are converting 
"1234567891234567" as a string, not as a number, so that when they encode the 
card number they get:

1234567891234567 --> hex: 31323334353637383931323334353637

When I encrypt "1234567891234567" using cfencrypt and hex encoding, I get the 
first half of their result--so the card number string doesn't seem to be the 
problem:

My encryption result: 
1DF20DDA4A5C45DCD2BCDB191D08559C
Their result: 
1DF20DDA4A5C45DCD2BCDB191D08559CC3BF026C725CBB1C366ADEC4867917AA

It's their padding that is the issue--the last byte of which IS a hex number 
representing how many total characters of padding were added:

0010 (10hex=16 characters of padding)

I can't figure out how to get this additional padding into the CF encrypt tag, 
so that I can get the same results, because I'm passing a regular string in... 
theirs appears to be a hex-encoded string for the card number + padding zeroes 
+ a hex number representing the total number of characters of padding.

This is the code I'm using:








My result--> 1DF20DDA4A5C45DCD2BCDB191D08559C


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331776


aes--any way to encrypt a hex encoded string in CF?

2010-03-15 Thread megan cytron

I am trying to match the encryption results on a box running BBj and just can't 
quite get there... 

This is how they are encrypting:

1. AES/CFC/NoPadding
2. IV of zero ()

Which is no problem. When encrypting 1234567891234567, I get this result:

1DF20DDA4A5C45DCD2BCDB191D08559C

They get:

1DF20DDA4A5C45DCD2BCDB191D08559CC3BF026C725CBB1C366ADEC4867917AA


The issue is that they are converting the string to hex and adding padding and 
then encrypting. 

This is their hex encoded string:

313233343536373839313233343536370010

1234567891234567 + 15 zeroes of padding + 10--the hex value of 16, the total 
number of padding bytes. 

It's no problem for me to calculate what padding is necessary, but I can't seem 
to figure out any way to pass anything other than a regular string into the 
encrypt tag...

Any ideas?

 




Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331774


Re: CF AES Encryption/Decryption on BBj

2010-03-08 Thread megan cytron

>Maybe someone else here is good at it, and could post base64/hex
>representations of the stuff.
>

Yeah, I'm hitting a dead end. The guy provided the hex encoded string 
(313233343536373839313233343536370010) to be 
encrypted... I understand how it was created (1234567891234567 + 15 zeroes of 
padding + 10--the hex value of 16, the total number of padding bytes). But I 
can't figure out how to pass this straight into the CF encrypt tag, since it 
isn't plain text. Am I missing something obvious?


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331452


Re: CF AES Encryption/Decryption on BBj

2010-03-07 Thread megan cytron

Ha, yeah, that should have been 

> AES/CBC/NoPadding?

(As far as I know, encryption algorithms are not contributing to the depletion 
of the ozone layer, but they are depleting my patience!)

I'll see if I can get them to give up the java...


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331425


Re: CF AES Encryption/Decryption on BBj

2010-03-06 Thread megan cytron

> I have not used BBj. But until someone knowledgeable chimes in ... can 
> you provide an example showing the difference between the CF versus 
> BBj results? 


Hi Leigh--
Thanks for the response... It looks like BBj is 

1. using AES/CFC/NoPadding
2. using an IV of zero ()
3. and some additional kind of padding that is throwing a monkey wrench into 
the works.

When I encrypt the string (1234567891234567) I now get:

1DF20DDA4A5C45DCD2BCDB191D08559C

They get:

1DF20DDA4A5C45DCD2BCDB191D08559CC3BF026C725CBB1C366ADEC4867917AA

  
Their tech support guy says:

--
The decrypt function in BBj and PRO/5 requires that the last byte of the plain 
text contain the number of pad characters.  When a BBj or PRO/5 function is 
used to encrypt a 16 byte string, 15 pad characters are added to the plain text 
and the last byte is set to 16 ($10$), i.e. the plain text for 
"1234567891234567" is 
$313233343536373839313233343536370010$.

c$=encrypt("1234567891234567",mode="cryptpass=songsparrowroysarahkle==") causes 
BBj and PRO/5 to encrypt 
$313233343536373839313233343536370010$ with an 
initialization vector of $$ and a key of 
$618DF206BDC0F07C95BE7A6CDC935BEB$.
--

I still haven't figured out quite how to get this padding into CF to get the 
same results...


Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331413


CF AES Encryption/Decryption on BBj

2010-03-03 Thread megan cytron

Hi--
Is there anyone out there in CFland who knows a bit about encryption/decryption 
in BBj? I am encrypting data in CF using AES/CBC/NoPadding (which is what the 
BBj folks say their "ENCRYPT" uses by default), but my client hasn't been able 
to decrypt what I send them successfully... And when they use the same key to 
encrypt the same data, they get a completely different result. Also, unlike the 
AES keys generated in CF, the CRYPTPASS that BBj uses can be over the map size 
and formatwise.

It's hard to tell what is going on behind the scenes in BBj, because they just 
set it to AES-128 and let it rip without explicitly setting a mode, IV, etc.

Any insider info or insight would be greatly appreciated.







Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331316


Re: loopcounts and pound sign madness

2008-05-15 Thread megan cytron
>#form['comments' & loopcount]#
>


Thanks to everyone for your lightning-fast responses! You're the absolute best.
#form['comments' & loopcount]# was exactly what did the trick this time. Thanks 
again!


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305334


loopcounts and pound sign madness

2008-05-15 Thread megan cytron
Forgive me... I pulled an all-nighter and my brain is scrambled

Here is my problem:

When a customer submits an order, I am requesting additional info for certain 
products on the checkout page. So for these products, I have a variable 
called:

 comments#loopcount#

When I write the order to a file after the form is submitted, I want to call 
this variable within another loop... I'm so brain-damaged that I can't figure 
out how to do this... What I basically want to do is this (which of course 
throws an error because it makes no sense whatsoever):

#comments#loopcount##

I know I've done this before, but I can't remember what solution I came up 
with...

Any help out there for a sleep-deprived code-dork?


Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:305329


Update cart items without reloading--AJAX?

2007-03-19 Thread megan cytron
Hi forum--

My client has a pretty complicated product listing and I would like to set 
their cart up so that the customer can click on a button and visually add an 
item to a list displayed on the same page, without reloading the page. These 
items will be put into a database, as well. It's really crucial that the 
customer can see his shopping cart and the list of items for sale on the same 
screen.

This is a site that customers have to log in to use, so I have some leeway 
technology-wise--in other words, we don't have to support Netscape 4.5--but I'm 
basically looking for the simplest implementation for the lowest common 
denominator (within reason). I was thinking of dabbling in AJAX (which I know 
next to nothing about)? Or is there a simpler way (aside from using frames, 
which I refuse to do...).

muchas gracias,

Megan Cytron
Alpha 60 Design Shop
Madrid, Spain




Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:273056


Re: cftransaction ( mysql load data infile)--CFHTTP??

2007-03-13 Thread megan cytron
> 
> It is EASY with cfhttp (if you've got well formed data), but I have
> never load tested it.
> 
> or (not nearly as easy)
> 
> If you've got createObject "power" you can use HSSQLDB, which seems 
> pretty
> robust for CSV stuff- but CFHTTP is probably fastest from 0 to Query.
> 
> The one advantage to rolling your own, is you can do it all in one 
> statement (if
> it's really well formed, mind), with the old
> 
> INSERT INTO table (col1,col2,col3)
> VALUES (
> ("row","one","values"),
> ("row","two","values"),
> ("row","three","values")
> )
> 
> Or something like that.  Instead of 2000 inserts, you can do one- but 
> it'll
> be a monster.


Thank you so much--this worked like a charm (once I realized that there was a 
tab at the end of the lines mucking things up, that is). 

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272627


Re: cftransaction ( mysql load data infile)--CFHTTP??

2007-03-13 Thread megan cytron
Thanks for the suggestion. For one of my sites I'm going to need to do 
something along these lines, because the LOAD DATA function is disabled by the 
host in the shared hosting environment. I need to import/update the data (a CSV 
file that gets FTPed to the server) into a MySQL database a few times a day. It 
will be around 2000 lines of data with six columns. Thankfully, I can 
control that the CSV file is in good condition and won't (knock on wood) throw 
any errors. 

I'm also looking into CFHTTP. Any other ideas about what would be the most 
efficient and the least disruptive method?

Many thanks,

Megan Cytron

>This might not be the most efficient way but it's easy. This could be a bit
>quicker by running the loop inside the values statement but then you need to
>to check for the last row of your .cvs file and remove the comma. I only run
>this on 50 records or so, never really cared to look further into it. You
>should also have values in in every insert statement, this doesn't look for
>nulls either. Quick and dirty...
>
>variable="fileData">
> delimiters="#Chr(10)##Chr(13)#">
>  
>   INSERT INTO TheTable (THE 5 COLUMNS TO BE INSERTED)
>  VALUES (
>cfsqltype="cf_sql_numeric">,
>cfsqltype="cf_sql_varchar">,
>cfsqltype="cf_sql_varchar">,
>cfsqltype="cf_sql_varchar">,
>cfsqltype="cf_sql_varchar">,
>   )
>   
>

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272538


Re: cftransaction ( mysql load data infile)

2007-03-12 Thread megan cytron
>Does load data infile query of mysql doesnt work in cftransaction?

I'm curious... did you ever figure this out? I'm also trying to determine the 
simplest/most efficient way of loading the data from a .csv file into a mysql 
DB using CF.

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:272458


Re: Encrypt CC number and store in DB

2006-01-13 Thread megan cytron
We work on a site with a similar issue. The items sold are live plants and 
customers order them in one batch and the plants get shipped and charged when 
they are sent (at different times, sometimes months later, depending on a whole 
host of factors).

We don't store the credit card numbers in a database online. We encrypt them 
using PGP, then write the info to a file and send it via FTP to our client's 
secure internal network where they then decrypt the numbers and store them for 
future billing. Only the client has the private key to decrypt. We encrypt on 
the server using the public key and the CFX_PGP tag. 

Message: http://www.houseoffusion.com/lists.cfm/link=i:4:229486


Re: querying an array?

2004-08-27 Thread megan cytron
Thanks to all who responded. Put this one away for a day and--after trying some remarkably complicated solutions--I realized how easy it was to solve. I ended up doing the following:











total number of green vegetables: #numberofgreenvegetables#




RE: web hosts

2002-04-30 Thread Megan Cytron

Yep. Crystaltech is the only shared host I've used that hasn't
made my life a living hell. And their Control Panel is a godsend.
The only time I've ever had to use their tech support in the past
two years was when I had them install some custom tags.

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394

__
This list and all House of Fusion resources hosted by CFHosting.com. The place for 
dependable ColdFusion Hosting.
FAQ: http://www.thenetprofits.co.uk/coldfusion/faq
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



RE:

2002-03-15 Thread Megan Cytron

I second the vote for crystaltech.com. They have an amazing
control panel. The only time I've had to contact customer support
has been when I need a custom tag installed.

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394




RE: CC processing question

2002-03-12 Thread Megan Cytron

> We process credit cards via Verisign and do an
> auth-only on order. When we
> ship, we then do a delayed-capture, for which you only need the
> transaction id given when you created the auto-only
> transaction.

Do you know how long the auth-only transaction id is good for and
can you use it multiple times? I'd like to use this method for
one of our clients, but they sometimes ship many months later and
often split the order up into several shipments and bill
separately.

On another site, we're currently using PGP to encrypt the CC info
into a text file and then have the client's Unix server FTP and
delete the orders every few minutes. This works okay, but
seriously limits our hosting options.





QUESTION: Mail Order Manager

2002-02-15 Thread Megan Cytron

Has anyone out there used CF in conjunction with Mail Order
Manager (by Dydacomp)? One of our clients wants to transfer their
internal order processing and accounting over to MOM. We're just
wondering how MOM deals with web orders and if there are any CF
tags out there that make it easier.

In our particular situation, we need to transfer order info and
credit card numbers from the web to the internal ordering system
in some encrypted format. We don't need any sort of on-the-fly CC
authorization--we just need to have the CC info decrypted on the
other end and passed along to MOM.

Also, I'd be interested in any BTDT general impressions on Mail
Order Manager--is it a dream come true or a hellish nightmare
waiting to happen?

Any wisdom on this would be greatly appreciated!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394



RE: Credit Card Encryption

2001-11-30 Thread Megan Cytron

There's a discussion on using GnuPG to encrypt cc info in the
archives somewhere. You can use CFEXECUTE to do this, but it's
kind of tricky, depending on your server and probably not viable
in a shared environment.

Someone should really write a custom tag that utilizes GnuPG
server-side--there's a real need for it, as CFX_PWCARDCRYPT won't
work if you need to decrypt on a non CF server (at least not the
last time that I checked)...

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394



RE: Crash Studio 4.5.2 lost data.

2001-11-13 Thread Megan Cytron

> I just lost a
> couple of hours work.
> Off to load the back up tape
> and see how much I lost.

Before you go to the backup tapes... did you try looking in the
windows/temp folder for the machine running CF
Studio? Sort it by date or look for files beginning with "cf~".

I've found a lot of lost/corrupted work this way...

Good luck!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394



Q: CFFTP IP address

2001-10-24 Thread Megan Cytron

Our client's server folks would like to restrict FTP access to a
given set of IP addresses. We're currently using CFFTP on a
shared hosting site that posts to their server...

Without requiring the host or server folks to think too hard or
be responsive (something that might constitute a miracle), is
there any way to know from what IP the CFFTP posts will come?
Does it usually come from a site's static IP or the host's IP?

Thanks!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394



RE: Storing Credit Cards

2001-10-04 Thread Megan Cytron

Has anyone ever looked into developing a CFX tag that makes use
of GnuPG on NT? Given that the PGP commercial server license is
so exorbitant ($7000+), I, for one, would be willing to pay for
a CFX tag that used the freely available GnuPG... I think shared
hosts would also buy in, since this would be a much more
affordable way to offer public/private key encryption to
customers, without having to enable CFEXECUTE.

Just a thought for someone with some free time on their hands...

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394



RE: Storing Credit Cards

2001-10-04 Thread Megan Cytron

I have also done this using CFX_PGP. In our case, we FTPed the
order and PGP-encrypted CC info to a Unix server and they moved
the file to a secure location behind a firewall and deleted it
from the FTP folder. You could also do this via VPN.

Another question: has anyone found any shared hosts that support
CFX_PGP?

Thanks,

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394

> -Original Message-
> From: Alex Santantonio [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 04, 2001 11:22 AM
> To: CF-Talk
> Subject: RE: Storing Credit Cards
>
>
> If you must store credit card info, it might be a good
> idea to follow some
> of these steps in addition to the typical Secure
> Certificate and so on.  You
> should absolutely encrypt them using PGP or some other
> type of encryption.
> I have used CF_PGP on several clients and it works
> quite well.  You could
> probably use some sort of ASP PGP COM object with CF
> instead of paying the
> $400 for CF_PGP.  In addition to this, you can also
> create an automated
> process that will transfer the card numbers from the
> live database to
> another database that is not accessible through the
> site in any way.  Then
> write the good old xx* to the live database
> for future management.
> Then you can transfer your billing software that you
> write to actually
> charge the cards on the schedule behind this secure
> section so only people
> within the office or from a certain IP address can
> process cards.  This will
> at least make it much more difficult to get at this
> data, and if your
> database is hacked or stolen from your live site, the
> only cards that might
> even be in there would be the ones that were not yet
> transferred, and those
> would be encrypted in PGP so it would take someone a
> good deal of time to
> get at it that way.  So in short.
>
> 1. Store credit cards PGP encrypted in the database
> 2. Transfer on a schedule and store them in a separate
> Database with the
> info on the live database overwritten
> 3. Move billing management behind a firewall or some
> server that is no way
> accessible to the outside.
>
> This should at least minimize your risk a bit.
>
> Alex Santantonio
> Lead Developer
> Macromedia Coldfusion 5 Certified Professional
> Macromedia Certified Web Site Developer
> [EMAIL PROTECTED]
> www.doceus.com
>
> -Original Message-
> From: Jeff Stone [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, October 04, 2001 10:55 AM
> To: CF-Talk
> Subject: Storing Credit Cards
>
> I am hoping that someone in this group may be able to
> help me.  The company
> I work for is building a service-based ecommerce
> website.  Because this site
> sells website space to other customers, I need to
> charge these customers
> monthly for the services we are providing.  Therefore,
> I believe I am going
> to have to store the customer's credit card numbers in
> order to charge their
> cards every month for their continued use of our services.
>
> I have done quite a few product-based ecommerce sites
> in the past and have
> never had to face this issue.  In the past, I have
> used Cybersource and
> Cybercash passing them the user's credit card
> information at the time of
> purchase and then just storing the authorization code
> that was returned in
> my database.  Then, when the products were shipped, I
> would pass the
> authorization code back to Cybersource and they would
> give me a billing code
> that would confirm that a request for the card to be
> charged had been
> completed.  This was very secure because I never had
> to store the credit
> card numbers at all.  The only problem is that these
> authorization codes are
> only good for 7-10 days, so I cannot use this same
> process for my current
> customer.
>
> I know there are a lot of people out there currently
> storing credit cards.
> I know all of the ISPs must be doing it to be able to
> constantly charge my
> credit card each month.  Has anyone done this before,
> and if so, how?  I
> have spent the last couple of days looking for the best
> encryption/decryption scheme, but at the sore lack of
> information that I
> have found, I thought I would turn to this group for
> some advice (assuming
> that someone out there must have the answer).  I would
> also be interested in
> knowing if anyone is aware of a third party clearing
> house or payment
> processor that can provide a very secure credit card
> storage service.  As
> you can tell, I am very hesitant to want to store
> these credit card numbers
> at all.
>
> Any help you all may be able to give would be much appreciated.
>
> Thanks again,
>
> Jeff Stone
> Stone Grove Design
> [EMAIL PROTECTED]
>
> 

RE: I've lost a week's work!!!

2001-09-20 Thread Megan Cytron

Look in the windows/temp folder for the machine running CF
Studio. Sort it by date or look for files beginning with "cf~".

I've found quite a few lost files this way...

Good luck!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394

> -Original Message-
> From: Michael Lugassy [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, September 20, 2001 7:36 PM
> To: CF-Talk
> Subject: I've lost a week's work!!!
>
>
> I just had to hard reset my computer while editing a
> cfm template
> in coldfusion studio, and when I logged in again found
> out it was
> 0 byte!!!
>
> All of my week's work is gone (the file was around
> 15Kb of code).
> I didn't save it in a diffrent location. is there
> still a place where I
> can find it??
>
> I know the chances are ZERO! but... maybe?? :(((
>
> Michael.
>
> 



shopping cart--switching to SSL with session variables

2001-08-29 Thread Megan Cytron

Does anyone foresee any problems with appending
"?#session.URLToken#" to the url to which a form submits when
switching from an "insecure" server to a secure server. It seems
to work great in preserving the shopping cart session for this
particular project, since everything is on one box (and has
enabled us to avoid delving into WDDX or database storage). It
essentially helps the secure server to locate the session by
passing a CFID and CFTOKEN.

Just wondering if there are any downsides to doing this that we
may not have considered...

Thanks!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394

> -----Original Message-----
> From: Ian Lurie [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 29, 2001 4:53 PM
> To: CF-Talk
> Subject: RE: shopping cart / online store
>
> Just as a plug, we're using NetReady right now on www.dessy.com for their
> lookbook product. It integrated with their site with about 3 hours of work,
> start-to-finish. Very slick...
>
> > -----Original Message-----
> > From: Bryan Love [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, August 29, 2001 10:53 AM
> > To: CF-Talk
> > Subject: RE: shopping cart / online store
> >
> > NetReady.  It's pretty new, but it's cheap and it blows the competition away
> >
> > Here's a feature list:
> >
> > Administration
> >
> > Expandable shipping model based on the total weight of an order
> > *NEW* InterShipper integration allows you to query for real time shipping prices and record them to your own database with the push of a button
> > Send bulk email to specific security roles, customers, or anyone who has ordered specific products
> > Organization of products and product lines into user-defined categories
> > *NEW* Create downloadable products from files with the click of a button
> > Inventory maintenance by quantity or by expiration date
> > Display options to allow customers to see available inventory on a per-product basis
> > Turn individual products on or off
> > Create auctions out of existing products
> > Turn an auction on or off independently of the product it represents
> > Specify any number of options and virtually unlimited choices for each option on a per-product basis
> > Rule editing to allow store-wide product modifications with only a few keystrokes
> > Add, delete, and modify users to fit your business
> > Create your own security roles or use the default roles to limit users' access to the administration tools
> > Security log keeps track of user logins and logouts
> > Ban specified IPs or allow only specified IPs
> > View, modify, and delete orders
> > Archive capability hides old orders without deleting them
> > Integrated banner system turns banners on or off in one mouse click
> > Specify expiration date, max mouse clicks, or max displays for individual banners
> > Number of clicks or displays for any given banner is always accessible and up to date
> > Bug form allows bugs to be input at any time
> > Bug tracker allows bugs to be sorted, commented on, deleted, opened, closed, and put on hold to aid in development
> > Client-side error checking (JavaScript) prevents invalid form input
> > Every product has three generic flags to be used for whatever you wish (i.e. Flag1 could be for items of the week, etc...)
> > Category-level discounts will reduce the price of any product in the category by a fixed amount or a percentage
> > Discount codes can be created and given out to individual users or groups of users
> > Set maximum number of uses for a discount code to be one, infinite, or anything in between
> >
> > Store Front
> > ---
> > Customer login ability:
> > View past orders
> > Create, use, and delete shopping lists
> > Store a default billing address and unlimited shipping addresses
> > Quick checkout eliminates time-consuming data entry
> > Log file tracks logins, failed logins, and logouts
> > Default store front with home, contact, and privacy pages
> > Integrated dynamic random banner display with full logging
> > Default catalog allows drill-down through categories with full product listings
> > Auction listings display all items available for auction with links to purchase the item outright (if applicable)
> > The auction engine will automatically bid for a user until a maximum amount (user-specified) is reached
> > Product and category click logs track every click through the catalog
> > Search function searches product names and descriptions
> > Single style sheet gives developer control over fonts and colors
> > Shopping basket uses database for unlimited size and scalability as well as allowing customers to retain items across visits
> > Full checkout process is separate to allow a secure connection
> > Checkout collects billing 
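
With "?#session.URLToken#" on the form action, the CFID/CFTOKEN pair travels in the query string, so it is written to web server access logs and can show up in the Referer of later requests. The following is an added example, not part of the original thread: a log check that lists where the pair is exposed and flags a pair presented from more than one client address. The Combined Log Format, host names, addresses and token values are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Combined Log Format (assumed): client, timestamp, request line, status, size, referer, agent
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def session_pair(url):
    """Return (CFID, CFTOKEN) when both are in the URL's query string, else None."""
    query = {k.lower(): v for k, v in parse_qsl(urlsplit(url).query)}
    if "cfid" in query and "cftoken" in query:
        return query["cfid"], query["cftoken"]
    return None

def scan(lines):
    """Return (exposures, shared): where a pair is logged, and pairs sent by >1 client."""
    exposures, clients = [], defaultdict(set)
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue
        for field in ("target", "referer"):
            pair = session_pair(match.group(field))
            if pair is None:
                continue
            exposures.append((number, field))
            if field == "target":  # only the request URL presents the pair to the server
                clients[pair].add(match.group("ip"))
    shared = {pair: sorted(ips) for pair, ips in clients.items() if len(ips) > 1}
    return exposures, shared

# Constructed sample log lines: documentation addresses and made-up token values.
SAMPLE = [
    '192.0.2.10 - - [29/Aug/2001:16:50:01 -0400] "POST /checkout.cfm?CFID=1201&CFTOKEN=48213377 HTTP/1.0" 200 5120 "http://shop.example.com/cart.cfm" "Mozilla/4.0"',
    '192.0.2.10 - - [29/Aug/2001:16:50:02 -0400] "GET /images/logo.gif HTTP/1.0" 200 812 "https://shop.example.com/checkout.cfm?CFID=1201&CFTOKEN=48213377" "Mozilla/4.0"',
    '198.51.100.23 - - [29/Aug/2001:17:05:40 -0400] "GET /checkout.cfm?CFID=1201&CFTOKEN=48213377 HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [29/Aug/2001:17:06:00 -0400] "GET /index.cfm HTTP/1.0" 200 2048 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    exposures, shared = scan(SAMPLE)
    for number, field in exposures:
        print(f"line {number}: session pair in {field}")
    for pair, ips in shared.items():
        print(f"CFID={pair[0]} presented by {', '.join(ips)}")
```

A pair reported under `shared` is only a signal to review: clients behind changing proxy addresses produce the same pattern.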

RE: cfx_pwcardcrypt--a few questions...

2001-07-20 Thread Megan Cytron


> >2. Does anyone have any ideas on how to decrypt the results of
> >CFX_PWCARDCRYPT on a Unix box?
>
> cfx_pwcardcrypt uses the standard RSA algorithm, and can
> create/encrypt/decrypt 512, 1024 and 2048 bit keys. In theory, if there was
> a tool on *nix to decrypt standard RSA and you used the same key pair, it
> would work, although I haven't tried it myself. Does anyone know of such a
> beast? I'd be really interested to know if there was. And Megan, it may help
> if you specify which flavour of *nix you need to use.

Thanks for responding!

They are running SCO Unix Open Desktop Enterprise v 5.0.5.

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394


~~
Structure your ColdFusion code with Fusebox. Get the official book at 
http://www.fusionauthority.com/bkinfo.cfm

Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists



RE: Red Worm Hack - Affected Files?

2001-07-19 Thread Megan Cytron

This just happened on one of our hosts and I was still able to
FTP to our directory and get our files out without losing
anything...

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394





cfx_pwcardcrypt--a few questions...

2001-07-19 Thread Megan Cytron

Another in the ongoing saga of questions about encryption options
between Cold Fusion/NT and Unix...

Last month there was a brief thread that mentioned
CFX_PWCARDCRYPT (using the RSA public key encryption method) as a
good alternative to PGP (especially given the $7000+ cost of the
PGP commercial server) for credit card encryption.

Questions:
1. Has anyone out there tried the CFX_PWCARDCRYPT tag since
then? Is it relatively simple to implement? If so, does it
require any server-side components (a la PGP)?
2. Does anyone have any ideas on how to decrypt the results of
CFX_PWCARDCRYPT on a Unix box? Forgive me, my ignorance of Unix
is unbounded...

For our particular application, we need to encrypt the credit
card info using Cold Fusion then send it to a Unix box (via mail
or FTP) and have them decrypt the info behind their firewall.

Any help/direction you could give would be greatly appreciated!

Thanks!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394





Encrypting CC info--sending from NT/CF to Unix--need advice

2001-07-18 Thread Megan Cytron

We have an interesting situation...

We have a client who needs to have CC info sent from a CF
application on an SSL NT server to a Unix box that is not running
CF. They do not need any sort of authentication (as items are
billed to the CC later as they are shipped), they just need to
have the CC info passed via the FTP of a text file to their
public server, where it will be pulled behind the firewall and
decrypted. Everything is working and in place, with the exception
of the encryption/decryption.

The problem has been finding a method of encryption within CF
that can be decrypted on their end without CF. We would like to
use PGP, but since we host on a shared server, this has been a very
difficult proposition (most hosts are pulling PGP from their
line-up due to licensing crack-downs, apparently).

Does anyone have any ideas on how the encryption and decryption
could be accomplished in a shared hosting environment?

Any insight or war stories would be appreciated beyond belief!

Thanks,

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394





RE: CFFILE Output--how do I include CFLOOP and session variables

2001-07-16 Thread Megan Cytron

> I don't believe you can place cf tags inside of ANY cf
> tags. Try something like this:
>
> 
>
>  To="#ArrayLen(session.cart)#">
>  #session.cart[loopcount][3]#
> VARIETY:  #session.cart[loopcount][1]#
> QUANTITY: #session.cart[loopcount][4]#
> ">
> 


Yes, yes, yes! After an extended nap, this makes perfect sense
and works like a charm. Thanks very, very much!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394





CFFILE Output--how do I include CFLOOP and session variables

2001-07-15 Thread Megan Cytron

I'll preface this dodo-brain question by saying that I'm
completely sleep-deprived, half brain-dead and away from my home
base, references, etc.

Here's what I need to do: we are using CFFILE to write the
results of an order to a file. We are using CFSET to create a
variable called "textoutput". When I put CFLOOP in "textoutput"
and then reference it within CFFILE, all of my session variables
(from a shopping cart) get messed up and I get an error message
saying that my session variables are no longer there. (My
shopping cart is working fine elsewhere and I'm able to send the
looped session info via CFMAIL, so that probably isn't the
problem.)

Here's my code:


  ITEM CODE:#session.cart[loopcount][3]#
  VARIETY:  #session.cart[loopcount][1]#
  QUANTITY: #session.cart[loopcount][4]#


">



I know I've been down this road before... is it possible to run
CF tags within CFFILE? Am I missing something really simple?

Any insight would be greatly appreciated!

Thanks in advance!!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394





need to find host that supports cfx_pgp

2001-07-12 Thread Megan Cytron

Does anyone have any leads on a host that supports the CFX_PGP
tag?

If not, does anyone have any experience implementing PGP
encryption on an email that is sent via CFMAIL, while using a
shared hosting scenario?

Our quandary is that we need to encrypt credit card data and send
it via email to a client that does not have a Cold Fusion server.
We do not need to authenticate or authorize the CC info, it's
just a matter of passing it on to our client for future billing.

Any insight or wisdom would be greatly appreciated!

Megan
[EMAIL PROTECTED]

Alpha 60 Design Shop
http://www.alpha60.com
phone: 202-745-6393
fax:   202-745-6394

