[thelist] I can't believe what I just read....

Lumir G Janku lgjanku at w3matrix.com
Fri Oct 20 04:22:50 CDT 2000

matt warden wrote:

>There are ways to be more secure... mainly by not involving the client in
>the verification process. In other words, client to web server to
>verification server back to the web server and back to the client with the
>response. Here, we have the client directly interacting with the
>verification server, which seems like just the easy way out.

You got a point. There are actually several ways, as VeriSign is 
concerned,  for information processing.
The "easy-way-out" Is called Link Point. That's the scenario that I was 
taking about, at it is meant to be for small sites with less than $3000 in 
transactions per month. Needless to say that VeriSign uses in their setup 
proxy servers, so the client does not interact directly with the 
verification server. The result is also passed through a proxy server 
either to the client and /or optionally to the merchant web server that can 
then process the information depending on the result.

Other option is their SDK that has quite a bit of flexibility as the setup 
is concerned and the information can be passed silently between the web 
server and the processing gateway. Other than that, they have integratrion 
packages for most OS and major cart software.

More information about the thelist mailing list