On Sep 22, 2007, at 10:11 AM, Joshua Layne wrote:
a brief googling * turned up 'substruct' - open source, based on Ruby on Rails - meets a subset of your requirements, but may be extensible enough that you don't have to reinvent the entire wheel, only the shiny new spin-rims.

The carts I've played with generally have no concept of credit card security. I did a project with zencart a while back, and had to retrofit my own credit card security model into the system because it just stored credit card information in the database, where an SQL injection attack would reveal everything.

I haven't looked closely at substruct - maybe they do something smarter. My personal model for credit card security is to never store the credit card information on a customer-facing machine, and indeed only keep that information as long as it's needed, even on a back office machine. This way, even if you screw up the security on your customer-facing machine, the worst risk is that some info will be exposed until you detect the security compromise - there's no risk that everybody who ever ordered anything from you will have to get a new credit card.


_______________________________________________
OpenMoko community mailing list
community@lists.openmoko.org
http://lists.openmoko.org/mailman/listinfo/community
