From owner-freebsd-java Sat Feb 20 15:55:53 1999 Delivered-To: freebsd-java@freebsd.org Received: from paprika.michvhf.com (paprika.michvhf.com [209.57.60.12]) by hub.freebsd.org (Postfix) with SMTP id 15D6210E05 for ; Sat, 20 Feb 1999 15:55:32 -0800 (PST) (envelope-from vev@michvhf.com) Received: (qmail 24006 invoked by uid 1001); 20 Feb 1999 23:55:36 -0000 Date: Sat, 20 Feb 1999 18:55:36 -0500 (EST) From: Vince Vielhaber To: freebsd-java@freebsd.org Subject: Re: somewhat new to java questions In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, 20 Feb 1999 patl@phoenix.volant.org wrote: > > On Fri, 19 Feb 1999, Mike Jeays wrote: > > > > The dilemna I'm looking at (which is solved with Java) is something > > that will safely take credit card info and move it to another machine. > > While it's true that I can get a secure web server and a certificate, > > lets face it.. Someone's smokin dope if they think a new business is > > gonna have the cash and overhead to implement such a thing. My choices > > were the linux e-commerce thing for $100 (which I almost did but the > > folks at RedHat couldn't seem to send me a copy of the license), going > > illegal and running apache-ssl without the license, getting the license > > from RSA (at US$10K) or taking the advise of an old professor that had > > Stronghold isn't nearly that expensive (I think it's around US$1K now.) > It's basicly a fully licensed Apache with SSL. http://www.c2.net/ > And it's a tax-deductable business expense. (If you value your time > as low as $25/hr, you'd still need to be able to develop your app in > less than 40 hours to break even; even without counting the tax deduction.) Plus the certificate. For about $125 you can get the Thawte, but that's not taken at face value. > > > > a question that we were to always ask ourselves before answering, "Can > > I do it better?". The only palletable answer was, "Yes, I can do it > > better". So I wrote a java applet that uses noone's copyrighted, > > patented, pay-me-to-use-it encryption schemes and appears to be secure > > enuf to use. Right now the only requirement is that Netscape 4.5 be > > used. One day I hope to be able to release it so everyone can benefit. > > What encryption schemes does it use? And what do you do about customers > that might not want to, or might not be able to run Java applets? Imagine a deck of cards. Write one piece of info on each card. Then play games with the values (randomly) on each card. No two cards are to be treated the same way. Now add another deck with random values of meaningless data. Now shuffle the spots off of it. Now play with the values again on each card individually. Shuffle and send to the host machine. The games played with each value throughout the entire process is based off of other values encountered along the way. This is actually a rather generic description, I wasn't anywhere near this simple in the process. I was thinking of MY creditcard as I wrote it! > > Personally, I wouldn't knowingly trust my credit card number to anything > that hadn't been thoroughly reviewed by the crypto wonks... I would hope that noone would knowingly be that free and careless with their creditcard info. The sad fact of the matter is that too many people are. I offer three ways to pay for a purchase: the Java applet (which is my first preference), picking up the phone and calling it in and using an unsecured form. Note, the phone method is available 24 hours a day. The last thing I'd ever want to do would be to aid in the demise of e-commerce. Too many have too much at stake. Vince. -- ========================================================================== Vince Vielhaber -- KA8CSH email: vev@michvhf.com flame-mail: /dev/null # include TEAM-OS2 Online Campground Directory http://www.camping-usa.com Online Giftshop Superstore http://www.cloudninegifts.com ========================================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message