Secure Sockets Layer resource at Wikipedia.
Interchange has several features that enable secure ordering via SSL.
Despite their mystique, SSL web servers are actually quite easy to operate. From the standpoint of the user, the only differences between the standard HTTP server and the SSL HTTPS server are the encryption, which happens more or less transparently, and the URL: https: is used for the URL protocol specification instead of the usual http: designation.
Note: Interchange attempts to perform operations securely, but no guarantees or warranties of any kind are made! Since Interchange comes with Perl source, it is possible to modify the program to create bad security problems. One way to minimize this possibility is to record digital signatures, using MD5 or PGP, of
Interchange uses the SecureURL directive to set the base URL for secure transactions, and the VendURL directive for normal non-secure transactions.
Secure URLs can be enabled for individual forms through a form action of [process secure=1]. An individual page can be displayed via SSL with [page href=PAGE_URL secure=1]PAGE_NAME</a>. A certain page can be set to always be secure with the AlwaysSecure directive.
Interchange incorporates additional security for credit card numbers. The field mv_credit_card_number is never written to disk.
To enable automated encryption of the credit card information, you need to enable CreditCardAuto. EncryptProgram also needs to be set to a command which will, hopefully, encrypt the number when invoked. PGP is now recommended above all other encryption programs. The entries should look something like:
CreditCardAuto Yes
EncryptProgram /usr/bin/pgpe -fat -r sales@company.com
See the CreditCardAuto, PGP, GPG_PATH, EncryptKey and EncryptProgram configuration directives for more information and examples.
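The following check of a catalog configuration against the directives described above is an added example, not part of Interchange or its documentation. It assumes literal one-line directives, an AlwaysSecure value that is a whitespace- or comma-separated page list, and Yes/1/True/On as enabled values; the sample configurations, the page name "checkout" and the card_pages parameter are constructed for illustration.

```python
import re

# Constructed sample configurations (not from a real deployment).
WEAK_CFG = """\
VendURL    http://shop.example.com/cgi-bin/store
SecureURL  http://shop.example.com/cgi-bin/store
CreditCardAuto Yes
"""
HARDENED_CFG = """\
# secure base URL uses https, card page is always secure
VendURL    http://shop.example.com/cgi-bin/store
SecureURL  https://shop.example.com/cgi-bin/store
AlwaysSecure checkout
CreditCardAuto Yes
EncryptProgram /usr/bin/pgpe -fat -r sales@company.com
"""

def parse_directives(text):
    """Return {lowercased directive name: value} for one-line directives."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        found[parts[0].lower()] = parts[1].strip() if len(parts) == 2 else ""
    return found

def audit(text, card_pages=()):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_directives(text)
    findings = []
    secure = cfg.get("secureurl", "")
    if not secure:
        findings.append("SecureURL is not set")
    elif not secure.lower().startswith("https://"):
        findings.append("SecureURL does not use https: " + secure)
    # Assumption: values starting with y, t, 1 or on count as enabled.
    if re.match(r"(y|t|1|on)", cfg.get("creditcardauto", ""), re.I):
        if not cfg.get("encryptprogram"):
            findings.append("CreditCardAuto is enabled but EncryptProgram is not set")
    always = set(re.split(r"[\s,]+", cfg.get("alwayssecure", "")))
    for page in card_pages:  # pages the operator knows collect card data
        if page not in always:
            findings.append(page + " is not in AlwaysSecure; it depends on secure=1 links and forms")
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_CFG, ["checkout"]):
        print("FINDING:", finding)
```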