I am implementing authorize.net's SIM interface for credit card transactions, using GWT with app engine. In authorize.net's SIM API documentation, it states:
"IMPORTANT: The merchant's Transaction Key is highly sensitive and should only be known by the payment gateway and the merchant. For this reason it is vital that the Transaction Key is stored securely and separately from the merchant's Web server." I'm looking for suggestions on how securely store the authorize.net Transaction Key. I have a couple of ideas: 1. Enter the key manually after deploying the app via a custom GWT UI (secured by SSL) and store it in memcache. This is inconvenient, as it has to be done anytime the server is re-deployed. 2. Store the key in app engine's datastore, via a custom GWT UI. 3. Hard-code the key in a class that is part of the app engine app. I'm looking for guidance on which would be most secure out of these options, or if anyone has a better suggestion. Thanks for any help on this, Rick Horowitz -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
