Specifications

While we are thinking about the security of our script, it is important to consider all flows of
information within our system. GPG will encrypt our email and allow our recipient to decrypt
it, but how does the information originally come from the sender? If we are providing a Web
interface to send GPG encrypted mail, the flow of information will look something like
Figure 15.5.
PART III: E-commerce and Security

[Figure 15.5 (diagram): Sender's Browser --(1)--> Web Server --(2)--> Recipient's Mail Server --(3)--> Recipient's Mail Client]

FIGURE 15.5 In our encrypted email application, the message is sent via the Internet three times.
In this figure, each arrow represents our message being sent from one machine to another.
Each time the message is sent, it travels through the Internet and might pass through a number
of intermediary networks and machines.
The script we are looking at here exists on the machine labeled Web Server in the diagram. At
the Web server, the message will be encrypted using the recipient's public key. It will then be
sent via SMTP to the recipient's mail server. The recipient will connect to his mail server,
probably using POP or IMAP, and download the message using a mail reader. Here he will
decrypt the message using his private key.
The data transfers in Figure 15.5 are labeled 1, 2, and 3. For stages 2 and 3, the information
being transmitted is a GPG encrypted message and is of little value to anybody who does not
have the private key. For transfer 1, the message being transmitted is the text that the sender
entered in the form.
If our information is important enough that we need to encrypt it for the second and third leg
of its journey, it is a bit silly to send it unencrypted for the first leg. Therefore, this script
belongs on a server that uses SSL.
If we connect to our script using a port other than 443, the default port for SSL, it will
provide a warning. If your server uses a non-default port for SSL, you might need to modify
this code.
Rather than providing an error message, we could deal with this situation in other ways. We
could redirect the user to the same URL via an SSL connection. We could also choose to
ignore it, because it is not usually important whether the form itself was delivered using a
secure connection. What is usually important is that the details the user has typed into the
form are sent to us securely. We could simply have given a complete URL as the action of our form.
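As an added example (not code from the book), the following Python sketch makes the port check and the redirect alternative described above concrete, and also handles the non-default SSL port caveat. It assumes a CGI/WSGI-style request dictionary with SERVER_PORT, HTTP_HOST, PATH_INFO and QUERY_STRING; every request value in it is constructed.

```python
"""Decide whether a form-handling script was reached over SSL.

The script in the text warns when it is not reached on port 443. This
version also offers the redirect-to-SSL alternative and lets the SSL port
be configured for servers that listen on a non-default one.
"""
from urllib.parse import urlunsplit

DEFAULT_SSL_PORT = 443


def reached_over_ssl(environ, ssl_port=DEFAULT_SSL_PORT):
    """True if the request arrived on the port the SSL listener uses."""
    return int(environ.get("SERVER_PORT", 0)) == ssl_port


def ssl_url_for(environ, ssl_port=DEFAULT_SSL_PORT):
    """Build the https URL for the same path and query string."""
    host = environ.get("HTTP_HOST", "").split(":")[0]
    if ssl_port != DEFAULT_SSL_PORT:
        host = f"{host}:{ssl_port}"   # non-default port must be explicit
    return urlunsplit(("https", host, environ.get("PATH_INFO", "/"),
                       environ.get("QUERY_STRING", ""), ""))


def transport_decision(environ, ssl_port=DEFAULT_SSL_PORT, redirect=False):
    """Return ('ok', None), ('redirect', url) or ('warn', message).

    redirect=True selects the redirect-to-SSL alternative; otherwise a
    plain-text request gets the warning, as in the original script.
    """
    if reached_over_ssl(environ, ssl_port):
        return ("ok", None)
    if redirect:
        return ("redirect", ssl_url_for(environ, ssl_port))
    return ("warn", "Warning: this form was not delivered over SSL; "
                    "what you type will cross the Internet unencrypted.")


if __name__ == "__main__":
    # Constructed request: plain HTTP on port 80 to the send-mail form.
    plain = {"SERVER_PORT": "80", "HTTP_HOST": "mail.example.com",
             "PATH_INFO": "/sendmail", "QUERY_STRING": "to=bob"}
    print(transport_decision(plain))
    print(transport_decision(plain, redirect=True))
    # Same server with its SSL listener on the non-default port 8443.
    print(transport_decision(dict(plain, SERVER_PORT="8443"), ssl_port=8443))
```

The port number is only a hint about the transport; on a server that terminates SSL elsewhere the check must be adapted to whatever the Web server exposes for that purpose.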