Q: Form->Auto Encrypted->Emailed
Michael Landau
posted form that is being submitted via e-mail to my address?
Is there a not so simple way to do this?
CGI?
Is there vulnerability before the message is actually encrypted?
Any comments via e-mail would be greatly appreciated.
J B Bell
Michael Landau (lan...@uchastings.edu) wrote:
: Is there a simple way to AUTOMATICALLY encrypt the contents of a
You could do something like this with a CGI script, but the post action
from the form would be cleartext until it hit your webserver.
The only way to obtain serious security from form to server is to build
it into the client software. So far, SSL has the monopoly on that.
--JB
Rev. J B Bell | Eschatek | ____
cip...@eschatek.com | Tools & Technologies | \bi/
http://www.eschatek.com/~cipher | for a Changing & Doomed Planet | \/
--> MCH G+ QH++ 666+ W- C+++ N++ <--
Robert J Seymour
Michael Landau <lan...@uchastings.edu> wrote in comp.lang.perl.misc:
> Is there a simple way to AUTOMATICALLY encrypt the contents of a
> posted form that is being submitted via e-mail to my address?
Well, that depends on what you mean by encrypt and by automatically.
It might be helpful if you could provide some specifics. Are you
looking for private or public key encryption? What level of security
is required? What software can be assumed on the end originating the
encrypted email?
I suspect you aren't very familiar with cryptography and how it is
implemented, a very good book on this subject is _Applied
Cryptography, 2nd Edition_ by Bruce Schneier. Its pretty technical,
but very thorough and accurate. The sci.crypt FAQ would probably be a
good place to start as well.
Once you have a good idea on what you are looking to do, the first
relevant question is whether this is a Perl specific problem or not
(just becuase you are implementing it in Perl, it doesn't imply that a
Perl newsgroup is the appropriate forum for your question). If this
is a general cryptography question, then one of the cryptography
newsgroups would be a more appropriate forum. If you are looking for
a Perl-specific answer to some subset of this system, take a look at
the cryptography related modules on CPAN and see if they don't meet
your needs.
Regards, Robert
Robert J Seymour rsey...@rseymour.com
<URL:http://rseymour.com/>
Programmer, Writer, Hacker of the Global Economy
Hal
[Perl, CGI newsgroups trimmed, Java added.]
Michael Landau <lan...@uchastings.edu> writes:
>Is there a simple way to AUTOMATICALLY encrypt the contents of a
>posted form that is being submitted via e-mail to my address?
If you didn't want to email it, a simple approach would be to use a
secure server which supports encrypted communication such as via
Netscape's SSL protocol.
For the email approach, you could use Java. You could have a Java
applet which would display the form and let the user fill it in, and
then when the Submit button was pressed, it could encrypt it using your
public key, and send it via email. The form data would never be off
the client's machine in plaintext form, so this would be pretty secure
against snoopers.
I have been working on an applet which works similarly to this,
although it doesn't really use a form for input, it just lets the user
send encrypted email. For the encrypted-form application you'd want
the applet to accept HTML control parameters which would be similar to
conventional HTML form specifications. However I'm not sure there would
be enough demand for form submission via email to make the effort
worthwhile.
Hal Finney
hfi...@shell.portal.com