[ic] checkout confirmation page
Mike Heins
interchange-users@icdevgroup.org
Fri Apr 25 17:14:00 2003
Quoting Joshua Rusch (josh@strongwords.org):
> Hi,
>
> I'm wondering if there is a secure way in the most recent versions of
> interchange (4.9.7) to have a confirmation page in checkout, ie have the
> credit card number collected on checkout page 1, but do the actual
> charge upon submitting checkout page 2-which just shows a review of the
> information (without showing credit card number of course!).
There is no secure way in any software that I know of, only insecure
ways (i.e. storing the credit-card number en-clair on disk). That is
why we never do it that way.
You could do an auth early in the cycle, then reverse it if the order
didn't get placed -- that would be secure but hard to maintain.
So if you really want to do it, you will have to do it insecurely.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.513.523.7621 <mike@perusion.com>
Unix version of an Outlook-style virus:
It works on the honor system. Please forward this message to everyone
you know, and delete a bunch of your files at random.