| Last Updated: Oct 21, 2002 - 2:01 PM | Page 73 |
Encrypted Feedback or Order Form (pgpmail.cgi)
Enabling SSL encryption on your site is the first step to protect the privacy of sensitive information. However, data can still be compromised by hackers if the data is stored on the server or transported from the server in an insecure manner such as email. To further protect sensitive information, our pgpmail.cgi script works just like formail.cgi, but with the exception that the information is encrypted before it is emailed to the recipient of the web form. pgpmail.cgi is currently available only on the shared secure server. The encryption format that is used is compatible with PGP, one of the strongest encryption methods available. To utilize our pgpmail.cgi script on our server, take the following steps:
- Read the following disclaimer: Action Web makes NO warrantees, either express or implied, including, but not limited to, implied warrantees of merchantability and fitness for a particular purpose, with regard to pgpmail.cgi, and any accompanying hardware or software. In no event shall Action Web be liable for any special, incidental, indirect, or consequential damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising out of the use of or inability to use the software product, even if Action Web has been advised of the possibility of such damages. In other words, while Action Web believes pgpmail.cgi will substantially increase the security of data, we do not guarantee it.
- Obtain PGP or GPG compatible software and learn how to use it. This will be necessary to create the public key that our servers will need to encrypt the data, and also so you will be able to decrypt the encrypted messages that you recive. PGP software may be available as a plug in to your current email software. Freeware PGP software is available for download from http://www.pgpi.org/ or it may be purchased from http://www.pgp.com/. Check the PGP software license agreement to see if you can use the freeware version or if you need to purchase the commercial version.
- Create a PGP key pair according to the instructions included with your PGP software.
- Export the public key in text (ASCII) format.
- Upload the text (ASCII) public key using the Public PGP Key Management option on the SSL Manager menu in ServerTools.
- Create a form and get it working using the formmail.cgi script. Be sure the recipeint of the form exactly matches the PGP key that you have created. For example, if you created a PGP key for John Doe <john@johndoe.com>, the recipient specified in the form must match this exactly like this:
<input type="hidden" name="recipient" value="John Doe <john@johndoe.com>">
- Once you have verified that the recipient is receiving the emails using formmail.cgi, locate the following line in the HTML source of your form:
<FORM ACTION="/cgi-bin/formmail.cgi" METHOD="POST">
To activate pgpmail.cgi, change the above line to:
<FORM ACTION="/cgi-bin/pgpmail.cgi" METHOD="POST">
- Test the form. Make sure you can decrypt the encrypted message you receive. If you no message arrives, and you verified that the forms works with formmail.cgi, most likely pgpmail.cgi was unable to locate your public key. Verify that the recipient name and address specified in the form exactly matches the the user id of the public key you submitted via ServerTools.
|
