Russ I think I understand, however I just wanted to bring your attention to the process I use.
The user selects a product subscription and is sent to a form on my server which asks for their personal details ie home address etc, but not payment information. Once they click on submit the page I use files all the personal information in the database and then does the http post to secpay's secure payment page. They then enter their credit card information in on this page and the payment is processed. Secpay then activates a script on my server for callback to feedback information regarding the payment's success or failure, which I then log in the database accordingly. So even if I transfer the user via cfhttp to secpay's secure payment facility, because I am still technically in an unsecure environment I would need to secure it with my own certificate? Graham ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243341 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
