[Zope] Re: [ZCommerce] Secure storage of credit card info

Ng Pheng Siong ngps@post1.com
Fri, 9 Jun 2000 23:45:24 +0800


On Thu, Jun 08, 2000 at 08:57:17PM -0400, R. David Murray wrote:
> You have a ZCommerce site.  You accept credit cards, and securely
> communicate with a CC processor to verify the transacton.  Now,
> you want to save the CC# and other info in case something needs
> to be done with it later

Hi,

Take a look at ZSmime, 

    http://www.post1.com/home/ngps/zope/zsmime


Here's the blurb:

ZSmime enables Zope to generate S/MIME-signed/encrypted messages.

ZSmime is useful where Zope accepts confidential information over the
web, e.g., credit card numbers, Swiss bank account instructions, etc. 
Such information can be protected by ZSmime and relayed off-site 
immediately. This reduces the value of the information carried on-site
and in turn reduces the impact of a successful attack against the site.

Even if the S/MIME-protected information remains on-site, it is now 
encrypted - this introduces additional cost in defeating the protection 
and may mitigate the effect of a successful site penetration.

ZSmime adds a DTML tag "dtml-smime" to Zope. 


-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps