Folks,
Zacharias J. Beckman ([EMAIL PROTECTED]) writes:
> Ack, I'm confused.
>
> I recently went through the CyberCash site looking into their new Merchant
> Commerce Kit. I've downloaded it but haven't had a chance to unpack it.
>
> I was under the impression that this is a completely new library, compiled
> as a set of C programs and (presumably) callable via Native APIs from Java.
I looked into this back in December; unless something's changed
since then (new version of the MCK, etc) there's not much to it, but
the information is very hard to find. I'm in crunch mode on my
current project, but sometime in the next couple of months I'd like to
go back and finish that job.
I was about 80% there - had finally dug up all the information
about what needed to be sent where and how. I'd like to make maybe
Perl and Java versions that could be easily plugged into an
application, and open source them. Or maybe write a tutorial about
how to integrate Cybercash into your site.
When you download the kit from their servers, you get an example
implementation of a secure credit card system for a commerce site:
According to the Cybercash docs and example, an essential element
for security's sake is that you should take the order information and
the payment information as separate requests. Store the order
information (products and shipping address) from the first request and
embed some sort of record key in the form you send back to request the
credit card information. Then when the user submits the payment
information, it can only be applied against the predefined order and
shipping address.
I found the example perl applicaiton not too helpful, and the
docs were all very surface-level. It used rudimentary flatfile
databases for storing information; it wasn't enough to be used on its
own, but far too much to be a good example (hard to dig through their
source to figure out what they're doing). Maybe it was a project in
progress that got back-burnered (or early-released as an example) or
something.
It took a lot of digging to get a hazy idea of where exactly the
kit talks to Cybercash's servers, on what ports, how the request data
was formatted, how it was encrypted and what the responses meant. The
kit included C libraries for doing the encryption, which can be done
in Perl using standard Perl modules. As far as I was able to tell,
the libraries provided just implemented standard encryption, but again
this was all six months ago, and I never did get all the way done.
> Am I completely wrong, or am I looking at something new that you haven't
> seen yet...?
I don't know if you're looking at something new. I have hazy
recollections that the version I was looking at was 2.3, but that
could just be the beer talking :-).
Steven J. Owens
[EMAIL PROTECTED]
[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
