[ic] Credit Card Processing - Hooking up simple HTTP processing

Peter peter at pajamian.dhs.org
Fri Jan 28 03:23:47 UTC 2011

On 28/01/11 11:13, Richard Siddall wrote:
> Samuel Mullen wrote:
>> Interchange Users,
>> I've been asked to add CC processing to my client's e-commerce system. It
>> currently uses Interchange 4.8.6 (I'm sure it needs upgraded, but they
>> can't afford it).

Define "afford it".  Can they afford to have all their customers' data
available to any hacker that comes along?  Even to have their admin and
their db passwords compromised?  Because that version of IC has a
vulnerability that exposes all of this to anyone with the correct
knowledge to formulate a special URL.  If you want to see a very scary
(but private) demonstration of this, then give me a link to the site,
that's all I need.

>> In any case, I can write the code to speak with the CC
>> processing company; it's just a GET, POST, or SOAP, but I've no idea
>> where in
>> the process that call would occur - or even what part of the library. It
>> appears that things go from checkout.html to the receipt page (aka
>> process.html) and something magical happens in between.

Most (but not all) of the "magic" happens in etc/log_transaction.  There
is some "magic" that also happens in the order profile (in
etc/profiles.order) and some minor things in other places as well.

> Looks like you're in danger of re-inventing the wheel.  Interchange
> already supports numerous CC processing gateways.  Look at
> Vend::Payment.  You configure the gateway in catalog.cfg.
> Interchange also comes with Vend::Payment::BusinessOnlinePayment, so you
> can make use of the many Business::OnlinePayment modules on the CPAN.
> If you're targeting a gateway that's not supported by Vend::Payment or
> Business::OnlinePayment, the best approach would be to write a custom
> Vend::Payment subclass or a Business::OnlinePayment module for your
> gateway.

All of this is good advice as well. Also note that newer versions of IC
have newer / updated payment modules available.  Note that the payment
modules are largely backwards compatible so it should be possible to
pull a newer module from the latest IC and use it in your older IC version.

