It seems you could keep the data encrypted the entire path, except at 1 point... where you actually receive the SSL-encrypted form data.
This is the weak point, because unless you use some sort of JavaScript encryption at the user end, before the data is sent, the sysadmin (or hacker) can intercept the data at that point of you reading the param.

    # instead of
    my $ccdata = param('ccinfo');
    my $ccdata_enc = encrypt($ccdata);

    # maybe use
    my $ccdata_enc = encrypt(param('ccinfo'));
I must say that it's really unlikely that a hacker would go thru that effort to get 1 cc info at a time. They are looking for big juicy lists.
You could have a system with good security, if you ask the user to download a script, to take the cc data, encrypt it with your public key, and send it all as a big file, using LWP. That way, you have additional encryption, beyond the SSL, which the sysadmin (or hacker) would not be able to see. They would see the info, but it would be an ASCII-armored PGP encrypted file. In this scenario, you could even bypass the secure server, and have the LWP-perl script email the encrypted data directly to your staff. BUT you would still have to worry about someone sending bogus scripts.
Ah...just brainstorming on an icy Friday afternoon.
In reply to Re: Passing a username/password from HTML to a Perl script
by zentara
in thread Passing a username/password from HTML to a Perl script
by mwhiting
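An added example, not code from the post or the thread: a CGI handler that passes the submitted value straight to a public-key encryptor, so the server stores only ASCII-armored ciphertext it cannot decrypt. It assumes `gpg` is installed and the staff public key is already imported; the recipient address and spool path are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw(param header);
use Fcntl qw(:flock);
use IPC::Open2 qw(open2);

# Assumptions (placeholders, not from the thread): the staff PUBLIC key is in
# this user's GnuPG keyring; the private key is never stored on the web host.
my $RECIPIENT = 'billing@example.com';
my $SPOOL     = '/var/spool/orders/pending.asc';

# Encrypt a short string to $RECIPIENT; return ASCII-armored ciphertext.
# Write-then-read is safe here because form fields are far smaller than a
# pipe buffer; large inputs would need IPC::Run or a temp file.
sub encrypt_to_staff {
    my ($plaintext) = @_;
    die "missing form field\n" unless defined $plaintext && length $plaintext;
    my $pid = open2(my $out, my $in,
        'gpg', '--batch', '--no-tty', '--armor',
        '--trust-model', 'always',
        '--recipient', $RECIPIENT, '--encrypt');
    print {$in} $plaintext;
    close $in;
    my $armored = do { local $/; <$out> } // '';
    close $out;
    waitpid $pid, 0;
    # Fail closed: never fall back to storing the plaintext.
    die "gpg failed\n" if $? != 0 || $armored !~ /BEGIN PGP MESSAGE/;
    return $armored;
}

# The value goes from param() directly into the encryptor. The plaintext still
# exists in this process's memory at this point, which is the weak point the
# post describes; everything written afterwards is ciphertext only.
my $ccdata_enc = encrypt_to_staff(scalar param('ccinfo'));

open(my $fh, '>>', $SPOOL) or die "cannot open spool: $!\n";
flock($fh, LOCK_EX)        or die "cannot lock spool: $!\n";
print {$fh} $ccdata_enc;
close $fh                  or die "cannot close spool: $!\n";

print header('text/plain'), "Order received.\n";
```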