Results 1 to 7 of 7
Thread: Session and SSL
Feb 14, 2012, 06:31 #1
Session and SSL
I am working with credit card details atm and am currently storing them in the browser session over an SSL encrypted connection. They are not being passed around between different pages, they are taken on the last page of my checkout and immediately emailed to our administrator. The session is of course destroyed immediately after.
Is this the sensible way to it? Am I relatively safe from hackers over SSL? I have steered well clear of cookies as I have heard so many horror stories.
Normally I wouldn't be writing a custom payment module but the CMS I am using did not have what I needed.
My thinking is that there must be an industry standard way to do this, rules that even smaller development teams can follow?
Anyway I will be interested to know your thoughts on this matter.
Silversurfer"Persistence is the path to perfection"
Feb 14, 2012, 06:53 #2
But really...you should be using a third-party payment gateway, like Paypal or other.
Feb 14, 2012, 06:56 #3
Well I have to get the information , there's no other way around. What do you suggest, I can't magic them through the air?? Also this isn't even being Beta tested yet, it is just a unit test which is why I am posting on here before I make anything concrete. I am not using a 3rd party payment gateway because it just doesn't suit the requirements of our business model. It's a drop-ship model so the details are no good to us and must be sent straight to the distributor."Persistence is the path to perfection"
Feb 14, 2012, 06:58 #4
Feb 14, 2012, 07:09 #5
Is there a way to use pay-pal to relay details to 3rd parties?"Persistence is the path to perfection"
Feb 14, 2012, 07:10 #6
Feb 14, 2012, 07:14 #7
Thanks for your help, I appreciate it."Persistence is the path to perfection"