Paul,
Thanks. Yes I was thinking about something close to that. Of course when
the CC is entered you can do the check digit to make sure the number is valid.
I have a good background in Flex all the way back to flex 1.5. I haven't
started with AIR yet, but I am thinking so I put the CC into the value object
and attempt to call my webservice to actually do the charge. I am looking for
details about how the application handles the fact it can't get to the
webservice. What is AIR doing being the scene to "save" that so it can resend
it when a connection is available again. Yes if I encrypt the CC before
putting it into the value object that helps, but I still have to answer the
question for the auditors of where is the encrypted information stored. Is it
purged after the connection is reestablished, etc. So in a perfect world maybe
there is a flag for a field in AIR that if it has to store it for a temp time
that it will encrypt it. I am just having
a hard time finding out the low level details of how this is supported (The
store and forward).
Thanks
Jeff
----- Original Message ----
From: Paul Andrews <[EMAIL PROTECTED]>
To: [email protected]
Sent: Tuesday, January 15, 2008 9:33:23 AM
Subject: Re: [flexcoders] Adobe AIR Disconnected storage with Credit Cards
----- Original Message -----
From: Jeff Krueger
To: [EMAIL PROTECTED] ups.com
Sent: Tuesday, January 15, 2008 4:26 PM
Subject: [flexcoders] Adobe AIR Disconnected storage with Credit Cards
Hello,
I am trying to find more detailed information about how Adobe AIR is able
to support a disconnected session. I believe I read somewhere that it is using
a sqlanywhere DB, but I could be 100% wrong on that. My question is I am
wondering if the temporary storage of this information is encrypted in any way.
We are looking at creating an AIR application that will take credit cards.
You can imagine the regulations around that. So I was wondering if there is
any documentation as to the details of how the disconnected sessions are
implemented in AIR. So far I have not been able to find anything. Any help on
this would be greatly appreciated.
How about encrypting them in the application?
If the application is disconnected, you won't be able to verify the cards. Most
websites don't keep credit card details (unless the user specifically allows
it) so credit cards and a disconnected application sound like a challenge. I
can't remember the last time I gave credit card info that wasn't verified on
the spot.
Paul
Thanks
Jeff
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
