Flex using HTTPS is as secure (and is equivalent) to an HTML page using HTTPS. So, if you're basically creating the equivalent of an HTML FORM in Flex, then it's perfectly suite (and is equivalent as far as the backend is concerned) to doing the same thing in HTML.
So, for example, if you use something like PayPal's API (which they PHP bindings for) and basically just submit a bunch of post vars (over HTTPS) to your backend PHP, it would operate identically to the equivalent HTML FORM. Troy. On Fri, Jun 13, 2008 at 8:08 AM, tspyro2002 <[EMAIL PROTECTED]> wrote: > Thanks Pat, > > I would be processing the payments via PHP as the rest of the site > utilizes it and a mySQL DB. Is it enough then for the Flex app to be > accessed via HTTPS - will this make it secure enough? > > Sorry if I'm asking stupid questions - although I have developed Flex > applications in the past I have never incorporated or used a Payment > System in a site before. > > I agree that the pop up window is a bad idea and didn't want to go > down that route. Wherever possible I want to keep the user in the Flex > sandbox. > > --- In [email protected], "Pat Buchanan" <[EMAIL PROTECTED]> wrote: >> >> I wouldn't use Flex to process credit card - I would use your > backend server >> like ColdFusion or PHP. You send the CC info to the server over >> SSL/Encrypted and then the server will post to the processor. I use >> authorize.net and I have never had a problem. There are CF tags out > there >> for doing it, and all you do is fill in the blanks. Some of the > things you >> pass are the login and password, hence you don't want that stored in the >> Flex app that can be decompiled. When it comes to peoples money, > you need >> to be as careful as possible. >> >> There are other solutions, where you can pop open up a webpage and > pass info >> to it (like your account # and the amount to charge, etc) and the > end user >> is filling out the CC info on a different site - then you get an > email that >> it happened and you ship the product. However, this makes your > company feel >> "small" and you lose orders because people get scared off. >> >> Anyway, use the server technology to do the processing, and never leave >> anything dangerous in your Flex app. Just my 2 cents. >> >> Thanks >> -Pat >> www.datanotion.com >> >> >> On Thu, Jun 12, 2008 at 12:00 PM, tspyro2002 <[EMAIL PROTECTED]> >> wrote: >> >> > Hi, >> > >> > Can anyone point me in the direction on how to process Credit Card > payments >> > with Flex, Im I >> > right in thinking that it will use an API, HTTPS and a Merchant > Account >> > with a bank? >> > >> > Would it be possible to create a custom script to post variables to a >> > WorldPay or similar >> > vendor. >> > >> > Cheers, >> > David >> > >> > >> > >> > >
