Question on Dreamhost Services


#1

I am trying to implement a “secure as possible” yet easy to manage (managing customer information) plan for a new site. I for sure want to use SSL for securing the sensitive information in transact. When customer submits sensitive information, that information is then compiled into an e-mail using like PGP 1024-bit encryption and secure signature to protect the e-mail contents and then submit this e-mail via secure send to a private station which then decrypts, authenticates, and then verifies the information. In other words, the sensitive information is securely sent while the general information is stored in a MySQL database. So if someone breaks into the database the information stored there is useless to them.

Just FYI, I will be using PHP and MySQL of course. PHP or even CGI could be used to handle the PGP e-mail compilation. What I found is that PGP constructs the e-mail via shell command executed commands. I am not sure what Dreamhost limits us site administrators to through their available services. Please advise on this.

My implementation is really rough draft so if you have something better in mind please share.

Thanks all.


#2

Thanks for the info. I have searched the kbase and found a Perl module that would be useful which was called Crypt::GPG. I also saw the information about using PGP with formmail. Ok, so if I get a secure server package from Dreamhost does GPG and formmail come with this package? If not, which web hosting package(s) and/or add-ons do I need to look into?


#3

We don’t have a PGP / GnuPG enabled form to mail script - you’d have to install that yourself (and take necessary precautions to prevent it from being abused to send spam).

There are a number of such scripts available on the web.


#4

If I were to use formmail it wouldn’t be via a general form submission but used more like an accessory where the values are filled in in the backend by coding.