[ic] {Spam?} Re: Credit Card Processing - Hooking up simple HTTP processing

Rick Bragg lists at gmnet.net
Sat Jan 29 08:44:12 UTC 2011


On Fri, 2011-01-28 at 16:23 +1300, Peter wrote:
> On 28/01/11 11:13, Richard Siddall wrote:
> > Samuel Mullen wrote:
> >> Interchange Users,
> >>
> >> I've been asked to add CC processing to my client's e-commerce system. It
> >> currently uses Interchange 4.8.6 (I'm sure it needs upgraded, but they
> >> can't afford it).
> 
> Define "afford it".  Can they afford to have all their customer's data
> available to any hacker that comes along?  Even to have their admin and
> their db passwords compromised?  Because that version of IC has a
> vulnerability that exposes all of this to anyone with the correct
> knowledge to formulate a special URL.  If you want to see a very scary
> (but private) demonstration of this, then give me a link to the site,
> that's all I need.
> 
> >> In any case, I can write the code to speak with the CC
> >> processing company it's just a GET, POST, or SOAP, but I've no idea
> >> where in
> >> the process that call would occur - or even what part of the library. It
> >> appears that things go from checkout.html to the receipt page (aka
> >> process.html) and something magical happens in between.
> 
> Most (but not all) of the "magic" happens in etc/log_transaction.  There
> is some "magic" that also happens in the order profile (in
> etc/profiles.order) and some minor things in other places as well.
> 
> > Looks like you're in danger of re-inventing the wheel.  Interchange
> > already supports numerous CC processing gateways.  Look at
> > Vend::Payment.  You configure the gateway in catalog.cfg.
> > 
> > Interchange also comes with Vend::Payment::BusinessOnlinePayment, so you
> > can make use of the many Business::OnlinePayment modules on the CPAN.
> > 
> > If you're targeting a gateway that's not supported by Vend::Payment or
> > Business::OnlinePayment, the best approach would be to write a custom
> > Vend::Payment subclass or a Business::OnlinePayment module for your
> > gateway.
> 
> All of this is good advice as well. Also note that newer versions of IC
> have newer / updated payment modules available.  Note that the payment
> modules are largely backwards compatible so it should be possible to
> pull a newer module from the latest IC and use it in your older IC version.
> 
> 
> Peter
> 
> 
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
> 

Upgrade is the first order of business in my opinion. Then take a look
at etc/log_transaction to customize checkout actions.

Rick







More information about the interchange-users mailing list