[thelist] Specific Ecommerce Requirements
John Handelaar
john at userfrenzy.com
Wed Jun 28 05:57:56 CDT 2006
Hershel Robinson wrote:
> But that's the answer--put in the MySQL DB. Many ecommerce packages do
> this by anyway--even if they do place the charge automatically at
> checkout time.
And they shouldn't. You don't keep people's CC
numbers any longer than is absolutely necessary
(unless you want to comply with the processors'
data security reqs [tip: you don't] and/or get
ejected by your card company).
At the very least make damned sure you both
deliver the checkout form, *and* receive it, over
SSL.
There's code in some of the Drupal payment modules
(you'll want to copy one and edit it for your
own rather weird requirement) to switch protocols
at the right moment. My own Linkpoint_API one
does it but isn't converted to 4.7 yet;
Authorize_net does it too and may be worth a look.
jh
--
-------------------------------------------
John Handelaar
E john at handelaar.org T +353 21 427 9033
M +353 85 748 3790 http://handelaar.org
-------------------------------------------
More information about the thelist
mailing list