osCommerce

While writing a new payment gateway module, I discovered on the Confirmation page that the page source (the form entry for the confirm button) contained the sensitive account information and payment method fields being passed to my payment gateway. This of course was completely unacceptable, and so I sought out a way to make the procedure more secure.

I would really appreciate any suggestions for a BETTER approach:

Instead of a direct post à la osCommerce's normal payment procedure, I rewrote the button's submit form to post to my own intermediate proxy page. This page, written entirely in PHP (thus invisible), contacts the payment gateway, receives the response, and uses cURL to post back to the checkout_success (success) or checkout_payment (fail).

This additionally allows me to use the bank's XML gateway instead of the direct post gateway - it affords better security and a few other niceties over the DP method.

The question remains though... am I going about this the wrong way? If there is another method that constrains itself to the normal osCommerce methodology, I would be glad to hear it. It would make my contribution amenable to those who need it.

Torin...
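
The contrast described in the post above, sketched in PHP as an added example (not the poster's module and not osCommerce code): a confirmation form that exposes the payment fields in the page source, beside one that keeps them server-side and hands them to the gateway from a proxy step. All function names, field names, the XML layout, `payment_proxy.php` and the gateway URLs are hypothetical, and the card number is a constructed test value.

```php
<?php
// Added example; names, fields, XML layout and URLs are hypothetical.
// Before: payment fields echoed into the confirmation page as hidden inputs.
function confirm_form_direct_post(array $pay): string {
    $html = '<form method="post" action="https://gateway.example.invalid/post">';
    foreach ($pay as $name => $value) {
        $html .= sprintf('<input type="hidden" name="%s" value="%s">',
            htmlspecialchars($name, ENT_QUOTES), htmlspecialchars($value, ENT_QUOTES));
    }
    return $html . '<button>Confirm</button></form>';
}
// After: the page carries only a one-time token; payment fields stay server-side.
function confirm_form_server_side(array $pay, array &$session): string {
    $session['pending_payment'] = $pay;
    $session['confirm_token'] = bin2hex(random_bytes(16));
    return '<form method="post" action="payment_proxy.php"><input type="hidden" name="token" value="'
        . $session['confirm_token'] . '"><button>Confirm</button></form>';
}
// Proxy step: check the token, build the XML body, discard the stored fields.
function build_gateway_request(string $token, array &$session): ?string {
    $expected = $session['confirm_token'] ?? '';
    if ($expected === '' || !hash_equals($expected, $token)) return null;
    $pay = $session['pending_payment'];
    unset($session['pending_payment'], $session['confirm_token']);
    $xml = '<payment>';
    foreach ($pay as $name => $value) {
        $xml .= "<$name>" . htmlspecialchars($value, ENT_XML1) . "</$name>";
    }
    return $xml . '</payment>';
}
// Server-to-server send with certificate and hostname verification enforced.
function send_to_gateway(string $xml, string $url) {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => $xml,
        CURLOPT_HTTPHEADER => ['Content-Type: text/xml'],
        CURLOPT_RETURNTRANSFER => true, CURLOPT_TIMEOUT => 30,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    return curl_exec($ch); // response body, or false on failure
}
// Constructed sample data (test card number); no network call is made here.
$session = [];
$pay = ['card_number' => '4111111111111111', 'expiry' => '1230', 'amount' => '19.99'];
// Is the card number present in the page source of each form?
var_dump(strpos(confirm_form_direct_post($pay), $pay['card_number']) !== false);
var_dump(strpos(confirm_form_server_side($pay, $session), $pay['card_number']) !== false);
// The body the proxy step would pass to send_to_gateway().
echo build_gateway_request($session['confirm_token'], $session), "\n";
```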
