I have
a <gasp!> Cold Fusion custom tag that will allow you to store data
encrypted in a database and unencrypt it when you need to. Its based on
the RC4 Encryption Algorithm. If anyone would like to port this to Tango,
I'd be happy to make it available. I'm not sure if this is what you're
looking for or if it's already been done.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Web Dude
Sent: Thursday, May 02, 2002 10:25 AM
To: Multiple recipients of list witango-talk
Subject: RE: Witango-Talk: EncryptionAre there any free certs for NT?As Mike says, what you're trying to achieve is commonly done through the use of a secure certificate. ie your form is accessed via https://yourdomainname.com/yourform.html (note the s on the end of http). So all you really have to do is place the form onto a secure server (one that has a certificate on it) in the appropriate secured folders access it using https:// instead of http:// to access it and whatever is submitted using the form between the user's browser and the web server will be automatically encrypted during transmission and decrypted at the other end.
When you enter the secure area to access the form, the lock icon on your browser will indicate that you have entered a secure area. Note: anyone who checks the certificate (which any browser can do) to see if it is the correct company will see who owns the certificate so if you use the hosting provider's certificate you should state that on the secure page that you are displaying so that they know that it is OK and their browser connection is not being hi-jacked by someone else.
Keep in mind that if the contents of the secure communication from the form then end up in a non-encrypted (normal) email which is sent from the server to somewhere else, then you're essentially sending the data to the recipient in a non-secure state anyway, which sort of defeats the purpose, except that no-one knows that you're doing this with their secure, private data. The best idea is to send the resulting secure info to an email address or file which is off the Internet, or if you can't do that, store the results in a secure area on the server itself, or in a secure database. However most private/sensitive info breaches have been through people accessing networks and extracting private info from insecure databases.
You can either use the hosting provider's certificate (if they allow you to) or you may need to purchase your own certificate from a company like Thawte (US$125). Other's charge more for no real security advantage. You can also use Novell's Certificate Server to create your own, if your company or client has that, or you can create your own by doing the following (info previously supplied by Todd Trann)...
- download and install OpenSSL from http://www.openssl.org/
- read the FAQ's and README's
- useful reading: http://www.linuxdoc.org/HOWTO/SSL-RedHat-HOWTO-3.html
If you don't host the site yourself, then most hosting providers will charge you either an extra monthly charge to use their secure certificate, or to setup your site to use their certificate, or to install your own certificate on their server for your domain.
cheers
Garth
At 17:15 1/05/2002 -0500, you wrote:
What I was told is the contents of a form parameter will be encrypted and
then posted to another server some were on the internet. Once there they
will decrypt it and do there processing with the contents. Does this make
sense?
Thanks
Larry Gutman
-----Original Message-----
From: Mike Tyranski [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 01, 2002 4:53 PM
To: Multiple recipients of list witango-talk
Subject: Re: Witango-Talk: Encryption
Larry,
What do you mean by posting? At what point the in the process are you
encrypting data? If your worried about data being sent from the server to
the browser and vice versa, a secure certificate could solve your problem
without any additional coding.
Mike
"Gutman, Larry" wrote:
> Does anyone have experience in encrypting information and posting it
> to another web site? I have have a vendor who would like to do this
> and I was looking for any input from the Tango community about there
> experiences.ThanksLarry Gutman
________________________________________________________________________
TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
________________________________________________________________________TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED]
with unsubscribe witango-talk in the message body
