Thread: Session and SSL

  1. #1
    silversurfer5150

    Hi guys,

    I am working with credit card details atm and am currently storing them in the browser session over an SSL encrypted connection. They are not being passed around between different pages, they are taken on the last page of my checkout and immediately emailed to our administrator. The session is of course destroyed immediately after.

    Is this the sensible way to do it? Am I relatively safe from hackers over SSL? I have steered well clear of cookies as I have heard so many horror stories.

    Normally I wouldn't be writing a custom payment module but the CMS I am using did not have what I needed.

    My thinking is that there must be an industry standard way to do this, rules that even smaller development teams can follow?

    Anyway I will be interested to know your thoughts on this matter.

    thanks

    Silversurfer
    "Persistence is the path to perfection"

  2. #2
    logic_earth

    Originally posted by silversurfer5150:
    "...immediately emailed to our administrator..."

    No! BAD BAD BAD! DO NOT EVER EMAIL credit cards or other private information. In fact you should not be handling credit cards and other private information AT ALL! And yes, there is a whole "industry standard" way and set of rules. See: https://en.wikipedia.org/wiki/Paymen...urity_Standard

    But really...you should be using a third-party payment gateway, like PayPal or other.
    Logic without the fatal effects.
    All code snippets are licensed under WTFPL.


  3. #3
    silversurfer5150

    Well I have to get the information, there's no other way around. What do you suggest, I can't magic them through the air?? Also this isn't even being beta tested yet, it is just a unit test, which is why I am posting on here before I make anything concrete. I am not using a 3rd party payment gateway because it just doesn't suit the requirements of our business model. It's a drop-ship model so the details are no good to us and must be sent straight to the distributor.

  4. #4
    logic_earth

    Originally posted by logic_earth:
    "But really...you should be using a third-party payment gateway, like PayPal or other."

    Originally posted by silversurfer5150:
    "Well I have to get the information, there's no other way around. What do you suggest, I can't magic them through the air??"

    Above.


  5. #5
    silversurfer5150

    Is there a way to use PayPal to relay details to 3rd parties?

  6. #6
    logic_earth


  7. #7
    silversurfer5150

    Thanks for your help, I appreciate it.

