[ic] {Spam?} Re: Credit Card Processing - Hooking up simple HTTP processing
Rick Bragg
lists at gmnet.net
Sat Jan 29 08:44:12 UTC 2011
On Fri, 2011-01-28 at 16:23 +1300, Peter wrote:
> On 28/01/11 11:13, Richard Siddall wrote:
> > Samuel Mullen wrote:
> >> Interchange Users,
> >>
> >> I've been asked to add CC processing to my client's e-commerce system. It
> >> currently uses Interchange 4.8.6 (I'm sure it needs upgraded, but they
> >> can't afford it).
>
> Define "afford it". Can they afford to have all their customer's data
> available to any hacker that comes along? Even to have their admin and
> their db passwords compromised? Because that version of IC has a
> vulnerability that exposes all of this to anyone with the correct
> knowledge to formulate a special URL. If you want to see a very scary
> (but private) demonstration of this, then give me a link to the site,
> that's all I need.
>
> >> In any case, I can write the code to speak with the CC
> >> processing company it's just a GET, POST, or SOAP, but I've no idea
> >> where in
> >> the process that call would occur - or even what part of the library. It
> >> appears that things go from checkout.html to the receipt page (aka
> >> process.html) and something magical happens in between.
>
> Most (but not all) of the "magic" happens in etc/log_transaction. There
> is some "magic" that also happens in the order profile (in
> etc/profiles.order) and some minor things in other places as well.
>
> > Looks like you're in danger of re-inventing the wheel. Interchange
> > already supports numerous CC processing gateways. Look at
> > Vend::Payment. You configure the gateway in catalog.cfg.
> >
> > Interchange also comes with Vend::Payment::BusinessOnlinePayment, so you
> > can make use of the many Business::OnlinePayment modules on the CPAN.
> >
> > If you're targeting a gateway that's not supported by Vend::Payment or
> > Business::OnlinePayment, the best approach would be to write a custom
> > Vend::Payment subclass or a Business::OnlinePayment module for your
> > gateway.
>
> All of this is good advice as well. Also note that newer versions of IC
> have newer / updated payment modules available. Note that the payment
> modules are largely backwards compatible so it should be possible to
> pull a newer module from the latest IC and use it in your older IC version.
>
>
> Peter
>
>
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>
Upgrade is the first order of business in my opinion. Then take a look
at etc/log_transaction to customize checkout actions.
Rick
More information about the interchange-users
mailing list