RE: {Disarmed} RE: [flexcoders] Credit card processing in Flex

[Scott]

I plan on having the server process the credit card order.  However, I
still have to pass the credit card information securely to my server.
The other response refers to sentourl so I'll look into that.  Is there
any other methods to send information securely to my server?

sj

 



From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Kevin Benz
Sent: Wednesday, March 04, 2009 10:00 AM
To: flexcoders@yahoogroups.com
Subject: {Disarmed} RE: [flexcoders] Credit card processing in Flex

 

I would look at the authorize.net documentation as they present the most
generic methods for HTTP based authentication. 

 

If you are talking about a client-side processing solution, it can be
accomplished but a bad idea. SWF's can be easily reverse engineered
exposing API keys, hash entries, merchant account identities and
credentials to external access. Traditional non-API Wallet approaches
(standard PayPal, Amazon FPS, Google Wallet) cannot exist in a client
only solution as they require a post-back URL with which to transact. 

 

The only secure solution has a server acting as a gateway to the payment
service with the Authorize.net documents providing many resources. Other
payment aggregators offer likewise documentation such as Cybersource,
Paypal (both Wallet and API).  A server hides the specifics (code and
metadata) from the peering eyes of those interesting in subverting your
payment service.

 

KFB

 

From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Scott
Sent: Wednesday, March 04, 2009 7:09 AM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Credit card processing in Flex

 

Anyone have a website or information that references how to process
credit cards through flex?

Thanks
Scott


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner http://www.mailscanner.info/ , and is

believed to be clean. 




-- 
This message has been scanned for viruses and 
dangerous content by MailScanner http://www.mailscanner.info/ , and is

believed to be clean. 

RE: {Disarmed} RE: [flexcoders] Credit card processing in Flex

[Kevin Benz]

If the browser hosting your Flex component is connected in a HTTPS
session, then yes. I'm not aware of being able to start HTTPS
communication from a HTTP session. I believe that the SSL key (session
in place) needs to be in-place before you do your submit so posting
blindly to a HTTPS URL is not necessarily secure.

Of course, the ugly solution, a popup HTML window doing HTTPS directly.

You can also encrypt yourself in Actionscript with as3crypto (Google
code) although this might violate PCI/SET standards.

In Air, you can start an HTTPS session of its own.

KFB

 

From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Scott
Sent: Wednesday, March 04, 2009 8:24 AM
To: flexcoders@yahoogroups.com
Subject: RE: {Disarmed} RE: [flexcoders] Credit card processing in Flex

 

I plan on having the server process the credit card order.  However, I
still have to pass the credit card information securely to my server.
The other response refers to sentourl so I'll look into that.  Is there
any other methods to send information securely to my server?

sj

 



From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Kevin Benz
Sent: Wednesday, March 04, 2009 10:00 AM
To: flexcoders@yahoogroups.com
Subject: {Disarmed} RE: [flexcoders] Credit card processing in Flex

 

I would look at the authorize.net documentation as they present the most
generic methods for HTTP based authentication. 

 

If you are talking about a client-side processing solution, it can be
accomplished but a bad idea. SWF's can be easily reverse engineered
exposing API keys, hash entries, merchant account identities and
credentials to external access. Traditional non-API Wallet approaches
(standard PayPal, Amazon FPS, Google Wallet) cannot exist in a client
only solution as they require a post-back URL with which to transact. 

 

The only secure solution has a server acting as a gateway to the payment
service with the Authorize.net documents providing many resources. Other
payment aggregators offer likewise documentation such as Cybersource,
Paypal (both Wallet and API).  A server hides the specifics (code and
metadata) from the peering eyes of those interesting in subverting your
payment service.

 

KFB

 

From: flexcoders@yahoogroups.com [mailto:flexcod...@yahoogroups.com] On
Behalf Of Scott
Sent: Wednesday, March 04, 2009 7:09 AM
To: flexcoders@yahoogroups.com
Subject: [flexcoders] Credit card processing in Flex

 

Anyone have a website or information that references how to process
credit cards through flex?

Thanks
Scott


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner http://www.mailscanner.info/ , and is

believed to be clean. 


-- 
This message has been scanned for viruses and 
dangerous content by MailScanner http://www.mailscanner.info/ , and is

believed to be clean. 




-- 
This message has been scanned for viruses and 
dangerous content by MailScanner http://www.mailscanner.info/ , and is

believed to be clean. 

image001.jpgimage002.jpg