Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Send emails securely via ASP

Reply
Thread Tools

Send emails securely via ASP

 
 
Saiyan Vejita
Guest
Posts: n/a
 
      11-21-2003
I've been working with ASP for 6+ years now, but in that time I've
never had any solid advice on how to build a secure system. So I
thought I'd ask here first.

Anyway, here's the situation: I have a client who wants to take credit
card information via ASP form (https) and then send the resulting
content (which may be either HTML- or text-formatted) to their email
account, which they access using Outlook (2000, I believe). I want to
build the system to make it as secure as is reasonably possible; at
the same time, they want to make it easy to read / retrieve their
signed/encrypted messages.

I know their are a lot of components out on the market that permit
programmatic encryption of data, but I don't know enough about what I
need to make an informed buying decision. I've heard that encrypting
the email content and then signing the entire message is the proper
thing to do, but how do I actually do that via code? And I definitely
don't understand how the message is handled once it reaches Outlook
(via POP, IMAP or Exchange -- they haven't decided on which yet).

My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
such -- how do I put all these things together into an effective
solution? Any light ya'll can shed on this would be greatly
appreciated. Thanks in advance............



-=Tek Boy=-
 
Reply With Quote
 
 
 
 
Ray at
Guest
Posts: n/a
 
      11-21-2003
I don't necessarily have answers to your questions, but FWIW, when we did
the website at my company (a bank), e-mailing sensitive data was something
that we discussed with our security department and the OCC, and we all
agreed that it should simply not be done. All of our form data is retrieved
via an https admin area on the server, and no customer data is ever e-mailed
anywhere. It was all just simply to insecure to consider e-mailing.

Ray at work


"Saiyan Vejita" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) om...
> I've been working with ASP for 6+ years now, but in that time I've
> never had any solid advice on how to build a secure system. So I
> thought I'd ask here first.
>
> Anyway, here's the situation: I have a client who wants to take credit
> card information via ASP form (https) and then send the resulting
> content (which may be either HTML- or text-formatted) to their email
> account, which they access using Outlook (2000, I believe). I want to
> build the system to make it as secure as is reasonably possible; at
> the same time, they want to make it easy to read / retrieve their
> signed/encrypted messages.
>
> I know their are a lot of components out on the market that permit
> programmatic encryption of data, but I don't know enough about what I
> need to make an informed buying decision. I've heard that encrypting
> the email content and then signing the entire message is the proper
> thing to do, but how do I actually do that via code? And I definitely
> don't understand how the message is handled once it reaches Outlook
> (via POP, IMAP or Exchange -- they haven't decided on which yet).
>
> My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
> such -- how do I put all these things together into an effective
> solution? Any light ya'll can shed on this would be greatly
> appreciated. Thanks in advance............
>
>
>
> -=Tek Boy=-



 
Reply With Quote
 
 
 
 
Tek Boy
Guest
Posts: n/a
 
      11-21-2003
Believe me, I agree -- the more links in the chain, the more susceptible the
entire system is to being compromised. But I'm not making the business
decisions here, nor will I be held liable for any fallout stemming from
privacy violations. As such, all I can do is offer up informed
recommendations and do whatever they want done after-the-fact. It's this
scenario that I'm operating within.......... not ideal, just the way it has
to be.


-=Tek Boy=-


"Ray at <%=sLocation%>" <myfirstname at lane34 dot com> wrote in message
news:uzI$%(E-Mail Removed)...
> I don't necessarily have answers to your questions, but FWIW, when we did
> the website at my company (a bank), e-mailing sensitive data was something
> that we discussed with our security department and the OCC, and we all
> agreed that it should simply not be done. All of our form data is

retrieved
> via an https admin area on the server, and no customer data is ever

e-mailed
> anywhere. It was all just simply to insecure to consider e-mailing.
>
> Ray at work
>
>
> "Saiyan Vejita" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) om...
> > I've been working with ASP for 6+ years now, but in that time I've
> > never had any solid advice on how to build a secure system. So I
> > thought I'd ask here first.
> >
> > Anyway, here's the situation: I have a client who wants to take credit
> > card information via ASP form (https) and then send the resulting
> > content (which may be either HTML- or text-formatted) to their email
> > account, which they access using Outlook (2000, I believe). I want to
> > build the system to make it as secure as is reasonably possible; at
> > the same time, they want to make it easy to read / retrieve their
> > signed/encrypted messages.
> >
> > I know their are a lot of components out on the market that permit
> > programmatic encryption of data, but I don't know enough about what I
> > need to make an informed buying decision. I've heard that encrypting
> > the email content and then signing the entire message is the proper
> > thing to do, but how do I actually do that via code? And I definitely
> > don't understand how the message is handled once it reaches Outlook
> > (via POP, IMAP or Exchange -- they haven't decided on which yet).
> >
> > My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
> > such -- how do I put all these things together into an effective
> > solution? Any light ya'll can shed on this would be greatly
> > appreciated. Thanks in advance............
> >
> >
> >
> > -=Tek Boy=-

>
>



 
Reply With Quote
 
Jeff Cochran
Guest
Posts: n/a
 
      11-21-2003
On 21 Nov 2003 06:59:16 -0800, http://www.velocityreviews.com/forums/(E-Mail Removed) (Saiyan
Vejita) wrote:

>I've been working with ASP for 6+ years now, but in that time I've
>never had any solid advice on how to build a secure system. So I
>thought I'd ask here first.
>
>Anyway, here's the situation: I have a client who wants to take credit
>card information via ASP form (https) and then send the resulting
>content (which may be either HTML- or text-formatted) to their email
>account, which they access using Outlook (2000, I believe). I want to
>build the system to make it as secure as is reasonably possible; at
>the same time, they want to make it easy to read / retrieve their
>signed/encrypted messages.
>
>I know their are a lot of components out on the market that permit
>programmatic encryption of data, but I don't know enough about what I
>need to make an informed buying decision. I've heard that encrypting
>the email content and then signing the entire message is the proper
>thing to do, but how do I actually do that via code? And I definitely
>don't understand how the message is handled once it reaches Outlook
>(via POP, IMAP or Exchange -- they haven't decided on which yet).
>
>My brain is full of things such as AES, MD5 + SHA-1, SSL, S/MIME and
>such -- how do I put all these things together into an effective
>solution? Any light ya'll can shed on this would be greatly
>appreciated. Thanks in advance............


Best bet (besides being a bit smarter and not doing it at all) might
be to look at PGP encryption components and add-ins. It's likely the
easiest to deal with on the receiving end.

Jeff
 
Reply With Quote
 
William Morris
Guest
Posts: n/a
 
      11-21-2003

"Tek Boy" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Believe me, I agree -- the more links in the chain, the more susceptible

the
> entire system is to being compromised. But I'm not making the business
> decisions here, nor will I be held liable for any fallout stemming from
> privacy violations.


Call me overly-paranoid, but don't count on that.

> As such, all I can do is offer up informed
> recommendations and do whatever they want done after-the-fact. It's this
> scenario that I'm operating within.......... not ideal, just the way it

has
> to be.


Recommendations that you can be held liable for, even if you didn't make
them - i.e. sending private information via the least secure route possible.
Blue Cross Blue Shield here in KC needed a fall guy for a project one of the
managers caused to fail, and a good friend of mine got the axe.

CYA, tek boy.

- Wm


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
HP 6980 - won't properly connect "securely" via wireless - only "unsecurely" ----------@example.com Computer Support 1 09-13-2007 12:10 PM
Send credentials/user information accross applcations securely? =?Utf-8?B?RGFuaWVsIERpIFZpdGE=?= ASP .Net 0 09-11-2006 04:20 PM
how to send emails via aspx farhan wajahat ASP .Net 7 05-12-2005 04:43 PM
ctypes NULL pointers; was: Python To Send Emails Via Outlook Express Lenard Lindstrom Python 3 01-04-2005 05:29 AM
Python To Send Emails Via Outlook Express ian@kirbyfooty.com Python 40 12-27-2004 01:23 PM



Advertisments