Shawn --

...and then Shawn said...
% 
% On 05/28, David T-G said something like:
% > % sort of secure form in memory (encrypted or something).
% > 
% > Now that's an interesting one...  Suppose someone feeds this script a
% > password or a credit card number or such (that is, something manageable,
...
% > 2) How do you then work with it when it's sitting encrypted in memory (in
% > order to, say, hand it off to your merchant account processor for billing)
% > without thereby having it in plaintext (either in memory or somewhere else)?
% 
% Well, if the merchant has his own cipher key, it can all be encrypted
% with the owner's cipher key. That make sense?

OK, I think so.  I like examples, though.

So user Joe goess to https://myserver/script and fills in some values,
including his ccard no, and they get handed back to my script for it to
process.  The http connection is protected, but I get the data in
plaintext, so I encrypt it somehow such that I can either decrypt it
(would I ever need to? ==> i guess it depends on the application) or hand
the encrypted version right off to the bank as they expect it already.

So that takes care of that example, and maybe it was a bad one.  I can't
come up with one that's better, either, but I have in mind something to
which I must refer more than once (hmmm... perhaps a gpg passphrase as a
script works with encrypted files or such) and thus must decrypt to use
(or must I after all?).

Am *I* making sense?  If so, am I making mountains where there are none?


% 
% This protects the data from customer to customer, and there is no need
% at all for plaintext if wherever the data goes understands ciphers.

That part I get.  It's the when-I-do-something-with-it that still has me
wondering.


% 
% 
% --
% Shawn Leas
% [EMAIL PROTECTED]
% 
% I had a friend who was a clown...  when he died, all his friends went to the
% funeral in one car...
%                                               -- Stephen Wright


Thanks again & HAND

:-D
-- 
David T-G                      * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.justpickone.org/davidtg/    Shpx gur Pbzzhavpngvbaf Qrprapl Npg!

Attachment: msg24940/pgp00000.pgp
Description: PGP signature

Reply via email to