I thought that was the distinction but wanted to make sure I understood, As well It seems a good idea to make it clear for future travelers. Thanks
On Wednesday, February 26, 2014 1:39:18 PM UTC-6, Josh Cartmell wrote: > > Hey Tom, in no case is the CC info ever saved to the database. > > The distinction is whether your server ever even sees the CC info. > > In Stripe's default use case your server is never sent the CC info, > instead Stripe takes the CC info and provides a token that allows your > server to create a charge using the Stripe API. > > The cartridge Stripe handler, on the other hand, does take the CC info and > then submits it directly to the Stripe API. > > Here is Stripe's description of their security (using their default js > implementation, not the cartridge handler) > https://stripe.com/us/features#seamless-security > > > On Wed, Feb 26, 2014 at 11:28 AM, Tom Brander <[email protected]<javascript:> > > wrote: > >> Not sure I get the distinction, is the CC # stored in the cartridge DB or >> not using the Cartridge handler? If not, as Ken indicates, I'm not sure I >> understand the distinction you are making? >> >> >> On Wednesday, February 26, 2014 1:14:29 PM UTC-6, Josh Cartmell wrote: >> >>> Ken is exactly correct. >>> >>> My comment was that the way Stripe encourages you to use them is through >>> their checkout javascript which sends the CC info to Stripe's servers and >>> returns a token that your server can use to create the charge. Their >>> checkout form doesn't include a name attribute on the CC fields so they >>> aren't posted to your server and at least theoretically PCI compliance is >>> not your problem. >>> >>> The way the cartridge handler works is the CC info is posted to the >>> server and then sent to Stripe using Stripe's API. The CC info is never >>> saved to the database or anywhere else, it is just a question of whether >>> your server ever even sees the CC details or not. >>> >>> >>> On Wed, Feb 26, 2014 at 10:58 AM, Ken Bolton <[email protected]> wrote: >>> >>>> On Wed, Feb 26, 2014 at 1:35 PM, Tom Brander <[email protected]>wrote: >>>> >>>>> Ahh thanks! I agree, don't want exposure of keeping CC #'s! >>>>> >>>> >>>> Cartridge does not store credit card data in any of the payment >>>> handlers. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Mezzanine Users" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> >>>> For more options, visit https://groups.google.com/groups/opt_out. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "Mezzanine Users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> For more options, visit https://groups.google.com/groups/opt_out. >> > > -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
