Re: forms

I don't know why your script doesn't send the mail, you should post here your script so we can have a look.

To secure your site, you need a SSL certificate: have a look at http://www.vodahost.com/ssl.htm

However, unless you have a merchand account, the Credit Card info is useless. Why don't you set up the payment with PayPal ? Clients feel much more comfortable giving their CC info on PayPal's site than on yours. At least i would.

Re: forms

If you want to make your page secure, why dont you use the services of
milleniumhackersecured?
They can even supply you with a certificate!!!

Re: forms

David, you bad boy !! hehe

Re: forms

<FORM name="services form" method="POST" action="action.php" enctype="multipart/form-data">
<DIV style="position:absolute;left:158px;top:146px;widt h:224px;height:33px;z-index:86" align="left">
<FONT style="FONT-SIZE:8pt" color="#0000FF" face="Arial"><B>Fields Denoted by a </FONT><FONT style="FONT-SIZE:12pt" color="#FF0000" face="Arial">*</FONT><FONT style="FONT-SIZE:8pt" color="#0000FF" face="Arial"> are required fields</B></FONT>
</DIV>
<DIV style="position:absolute;left:75px;top:163px;width :79px;height:17px;z-index:87" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Company</B></I></FONT>
</DIV>
<DIV style="position:absolute;left:67px;top:193px;width :87px;height:17px;z-index:88" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">First Name</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:158px;top:192px;widt h:144px;z-index:89" size="18" name="first name" value="">
<DIV style="position:absolute;left:315px;top:197px;widt h:87px;height:17px;z-index:90" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Last Name</B></I></FONT>
</DIV>
<DIV style="position:absolute;left:38px;top:222px;width :120px;height:17px;z-index:91" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Billing Address</B></I></FONT>
</DIV>
<DIV style="position:absolute;left:116px;top:257px;widt h:38px;height:17px;z-index:92" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">City</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:158px;top:251px;widt h:128px;z-index:93" size="16" name="city" value="">
<DIV style="position:absolute;left:297px;top:256px;widt h:47px;height:17px;z-index:94" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">State</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:351px;top:251px;widt h:56px;z-index:95" size="7" name="state" value="">
<DIV style="position:absolute;left:427px;top:256px;widt h:33px;height:17px;z-index:96" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Zip</B></I></FONT>
</DIV>
<DIV style="position:absolute;left:92px;top:313px;width :60px;height:34px;z-index:97" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Phone#</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:159px;top:310px;widt h:120px;z-index:98" size="15" name="phone" value="">
<DIV style="position:absolute;left:44px;top:342px;width :114px;height:17px;z-index:99" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Email Address</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:159px;top:342px;widt h:280px;z-index:100" size="35" name="email" value="">
<DIV style="position:absolute;left:28px;top:372px;width :131px;height:17px;z-index:101" align="left">
<FONT style="FONT-SIZE:11pt" color="#FF0000" face="Arial"><B><I>*</FONT><FONT style="FONT-SIZE:11pt" color="#000000" face="Arial">Website Address</B></I></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:158px;top:372px;widt h:280px;z-index:102" size="35" name="website address" value="">
<DIV style="position:absolute;left:33px;top:404px;width :129px;height:34px;z-index:103" align="left">
<FONT style="FONT-SIZE:11pt" color="#000000" face="Arial"><B><I>How did you find<BR>
&nbsp;&nbsp;&nbsp; out about us?</B></I></FONT>
</DIV>
<TEXTAREA name="how did u hear about us" style="position:absolute;left:158px;top:404px;widt h:383px;height:52px;z-index:104" rows=2 cols=45></TEXTAREA>
<DIV style="position:absolute;left:160px;top:460px;widt h:395px;height:28px;z-index:105" align="left">
<FONT style="FONT-SIZE:8pt" color="#0000FF" face="Arial"><B>if you were referred by another subscriber, please enter their name and website address so we can give </FONT><FONT style="FONT-SIZE:8pt" color="#0000FF" face="Arial">proper </FONT><FONT style="FONT-SIZE:8pt" color="#0000FF" face="Arial">credit</B></FONT>
</DIV>
<INPUT type="text" style="position:absolute;left:157px;top:164px;widt h:408px;z-index:106" size="51" name="company" value="">
<INPUT type="text" style="position:absolute;left:412px;top:193px;widt h:152px;z-index:107" size="19" name="last name" value="">
<INPUT type="text" style="position:absolute;left:158px;top:222px;widt h:408px;z-index:108" size="51" name="billing" value="">
<INPUT type="text" style="position:absolute;left:470px;top:251px;widt h:96px;z-index:109" size="12" name="zip" value="">
<DIV style="position:absolute;left:52px;top:115px;width :327px;height:16px;z-index:110" align="left">
<FONT style="font-size:13px" color="#000000" face="Arial"><B>Yearly only $803.88 ($66.99 per month)</B></FONT>
</DIV>
<DIV style="position:absolute;left:51px;top:97px;width: 269px;height:16px;z-index:111" align="left">
<FONT style="font-size:13px" color="#000000" face="Arial"><B>Quarterly only $239.97&nbsp; ($79.99 per month)</B></FONT>
</DIV>
<DIV style="position:absolute;left:51px;top:77px;width: 211px;height:16px;z-index:112" align="left">
<FONT style="font-size:13px" color="#000000" face="Arial"><B>Monthly only $84.99 (per month)</B></FONT>
</DIV>
<INPUT type="checkbox" name="" value="" style="position:absolute;left:34px;top:75px;z-index:113">
<INPUT type="checkbox" name="" value="" style="position:absolute;left:34px;top:95px;z-index:114">
<INPUT type="checkbox" name="" value="" style="position:absolute;left:34px;top:113px;z-index:115">
<DIV style="position:absolute;left:32px;top:40px;width: 518px;height:32px;z-index:116" align="left">
<FONT style="font-size:27px" color="#0000FF" face="Verdana">Select A Rate Plan:</FONT><FONT style="font-size:16px" color="#0000FF" face="Arial"> </FONT><FONT style="font-size:16px" color="#000000" face="Arial"><B>(Guarenteed Lowest Prices)</B></FONT>
</DIV>
<INPUT type="submit" name="Submit" value="Submit " style="position:absolute;left:197px;top:589px;widt h:123px;height:25px;z-index:117">
<INPUT type="reset" name="Clear" value="Clear Form" style="position:absolute;left:326px;top:589px;widt h:104px;height:25px;z-index:118">
</FORM>

Re: forms

Me thinks Millenium Secured doesn't do what they claim- specially if they don't know or understand SSL -

Me thinks the "certificate" they will allow to be put on a site after being paid, isn't worth anything

But just what "me thinks".

Re: forms

John

I have tried to explain to you.. YOU CANNOT secure EMAIL! NOBODY in their right mind will send you their credit card info via EMAIL and if you do it via this form that doesnt let them know thats exactly what you are doing, you could be up for fraud charges! Even if you get HTTPS it doesnt secure email. You can make that form build a table on your site that you encrypt, but you cant encrypt the email.

I dont know WHY I cant get you to understand this, since you profess to be able to scan sites and declare them secure! You should KNOW that you cannot secure information of this type in an email .. form or no form!

Not only that. Do you think you can just walk to the bank and give them these credit card numbers and they deposit money in your bank???? It doesnt work like that. You have to have a merchant account!!

Not only that.. I think anyone who helps you FLEECE credit card numbers via email can get themselves into trouble too! Sorry Naval, no offense to your expertise! Its your call!

Karen

Re: forms


??? Did I say something different ? I said that i would NOT give my cc info on such a site.


I have built a hotel room reservation system ( look here ) . CC info there is required. I have advised them to purchase a SSL (which they have not yer done) and, furthermore, i have arranged the scripts in such a way that the CC info is NOT sent through the mail, but only stored in the database, along with the rest of the info. The Hotel Desk staff, can view the info in secure mode (when they will have the SSL) and simply copy / paste from the screen.

However, encryption of ANY info, including cC INFO, IS QUITE POSSIBLE, USING PRIVATE ALGORITHMS. The CC info is encrypted directly by the script, before it is sent through email. When received, it can be decrypted, using the oposite algorithm. This is NOT a problem.

The problem is to convince the visitor that you actually have such an algorithm installed. I would NOT beleive it even if they could show me the script....

Re: forms

For Nightvision: this is NOT your form processing script, this is your FORM page code. Please post here your form processing script.

Re: forms

Naval,

I would be very careful of making sure that you have not just told them about purchasing an SSL - but you get a signed document from them in the meantime that you made that recommendation and they won't hold you liable if someone uses it in the meantime without the SSL.

It's not secure right now, and that's so very dangerous. And if something happens before they get the SSL or if they seem to think they can continue without it - at some point, there will be a lawsuit when someone's information is compromised.

Very nice form - and I know you already know what I just stated - but some things disturb me greatly - and I know there are just too many people out there that have no idea to look for the https - and so do the criminals.

Re: forms

Beth, i have the whole list of emails on the issue..... I have covered my back before going on.....

Re: forms

Naval,

No you said that you wouldnt, and the database is easier encrypted than any email you can send even with a programmer to set it up. I just wanted you to know I had already TRIED to explain this to him when he asked me to assist him with his form. And as you said, I wouldnt trust an email encryption even if I seen the script.

It is common, to encrypt a database on a secure server to do as your hotel, along with periodically erasing the information after it is processed and no longer needed. As well as manually running the charges.

Anyway, I was trying to only make you aware of the situation, and thats why i apologized up front. And that it was up to you, if you could make him understand further, if you wanted to assist him in fixing his form.

Sorry if you mistook it!

Karen

Re: forms

:) Naval - I was sure you had. But we do take care of each other, don't we?

And I like to try to cover the backs of all the innocent people who get duped - unfortunately, I can't do that as well.

Re: forms

Yes, Karen and Beth. You are both absolutely correct.
Just to make a small resume:

CC info can be required by a site, but NO visitor in the world would provide such info if he doesn't have the certainty that his info is not going to be used for fraud charges. And, unless it is a well known company's site, i beleive that noone should give his cc info, even on secure sites.
Givin the cc info is sometimes unavoidable. You CANNOT make (at least in Italy) a hotel reservation if you don't provide it. Its up to the company that runs the site to make you trust them.

From the technical point of view even emails can be secured by using private encryption. Even if the mail content got captured, it would be useless to a hacker without the decryption code/algorithm/key.

The client doesn't even wonder about all this. He either trusts the company, and in that case he will provide the cc info, or he will not. He can't know if his info is treated in a secure way or not, after he has given it. It is up to the company to make sure that the info is treated in a secure mode.

A client should first see if the site is a secure one (if it has a SSL certificate or not). He should then consider if he trusts or not that company.

In some cases, a solution to the problem is that of using a prepaid card with only a low limit. These cards allow you to only have a minimum of money in your account, so that bad use of the card info would only lead to a small loss.

Europeans buing online from US sites, cannot know the payment gateways used in US, with the exception of a few known ones (like PAyPal). In that case, they mistrust anyway, and this prepaid card can be a solution.

Re: forms

Naval, I agree with you - but I know firsthand that the average person shopping online doesn't have a clue what to look for. I was part of a large group that was helping a credit card company, the local police and a city in Wisconsin, USA that was attempting to teach people how to not have their identity stolen. The simplest things and that weren't aware. They'd say they were afraid to give credit card information online, but didn't know how to tell one site from another.

And it's why things like the site in question on this thread upset me. How can he claim to be securing websites - when he doesn't even know how to secure payments?

I also saw a case where the people who designed a website for a company was brought into court because the people who owned the website believed they had done everything necessary- and they didn't have ssl - and were taking information without - and a hacker was stealing it all. The design firm settled - so there's no way of know if they would have been found guilty - but they were going to be taken to court - as they were being told it was their responsibility to make sure the client knew what they needed. (Which is why I said for you to cover yourself).

I don't want to see anyone getting hurt - and just by seeing how many people are duped by the fake emails claiming to be from paypal or a bank - we know that people are taken every day.

Anyway, I see it as part of my responsibility in helping build or design websites to make sure when someone is doing it where it's not secure for the end-user - I'm going to speak up.