[thelist] how secure to store credit cards

.jeff jeff at members.evolt.org
Wed Jan 9 03:13:31 CST 2002


keith,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Keith
>
> My guess is that authorizenet will have all you need for
> handling this with CF.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i found a couple of solutions available.

cf_authorize
http://www.cfauthorize.com/
cost: $125

cf_authorize_net_3
http://devex.allaire.com/developer/gallery/info.cfm?ID=C0C7D513-2CD6-11D4-AA
9800508B94F380&method=Full
cost: free

cf_authorizenet_ht
http://devex.allaire.com/developer/gallery/info.cfm?ID=7F279ECF-C3F8-11D5-83
FC00508B94F380&method=Full
cost: $50

cf_authnet (v3.0)
http://devex.allaire.com/developer/gallery/info.cfm?ID=86F5D6B6-9646-11D4-83
E100508B94F85A&method=Full
cost: free

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> It's really easy to do with perl. It takes only a few
> lines of code to create a browser-on-the-fly that then
> communicates, as a browser/client, with the other
> server. In perl it's called an LWPUserAgent. The server
> it talks to has no idea it is talking to a cgi script,
> it thinks it has a browser.  I've never tried emulating
> the browser's half of an SSL session with LWP but I
> assume it's doable.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

you can do the same thing with the <cfhttp> tag in coldfusion.  you can do
it over ssl, send any of the http headers you like including things like
http_user_agent, http_referrer, set the method to get or post and send form
data with the request.  it's practically limitless.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> But like I said, I'll bet authorizenet has a CF client
> template ready to use since they would have far more CF
> users than perl users. If they don't have a client
> template holler, that would be a nice little niche
> market to fill if they've left it open.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

they don't appear to have anything created for the cf developer to connect
to them or if they do, they do a fantastic job of hiding it since i couldn't
locate it on their site.  however, it doesn't seem as if it's really
necessary as there are several available (note the links above).

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> This is a gem of a find Erik. Please let us all know how
> it goes, how much of the work authorizenet has aleady
> done for you, how easy or hard it is to set up, etc. I
> think it would make a good evolt article, you're not the
> only one crossing that creek, and it looks like you
> found a bridge.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

and, if you run into trouble, cybercash is ready and waiting for your
business.  there's already a tried and tested cfx tag available to connect
to them and i've got lots of experience you can lean on.

here's info available at allaire.com

cfx_cybercash kb article
http://www.allaire.com/handlers/index.cfm?ID=16605

cfx tag available here (though the download link appears to be broken thanks
to verisign's muddying up of cybercash's site after acquiring them):
http://devex.allaire.com/developer/gallery/info.cfm?ID=C47905C9-E893-11D4-AA
B800508B94F380&method=Full

fwiw, i found more custom tags that perform private/public key style
encryption.  here's one that's more reasonably priced, that's based on the
rsa public key encryption algorithm:

http://developer.perthweb.com.au/cfx_pwcardcrypt.html
$49 for a single license or $299 for an unlimited license
http://developer.perthweb.com.au/card_pricing.html

or one that isn't specifically for credit cards (doesn't perform validation
of credit card numbers, expirations, etc. like the one directly above) and
is slightly less expensive:

http://developer.perthweb.com.au/cfx_pwtextcrypt.html
$39 for single license or $239 for an unlimited license

enjoy,

.jeff

http://evolt.org/
jeff at members.evolt.org
http://members.evolt.org/jeff/







More information about the thelist mailing list