Re: Shopping cart architecture IIS<->SQL
- From: "Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx>
- Date: Fri, 3 Oct 2008 14:45:27 +0100
I'm in the UK, so I doubt these will help, but I'm currently using both
DataCash and Protx. DataCash seem to have a more robust system and are
better at keeping on top of issues, but Protx are cheaper and don't charge
ridiculous amounts for what should be core features (e.g. DataCash want about
£1500 to enable 3D Secure processing, Protx include this at no additional
cost).
Dan
Ron wrote on Wed, 1 Oct 2008 11:05:34 -0700:
Sounds good. Since you have so much experience there, can you recommend
a Payment processor? (or two).
"Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx> wrote in message news:OOnQFW7IJHA.2156@xxxxxxxxxxxxxxxxxxxxxxx
Most payment providers will handle that cleanly for you - you send
the card details to them, they authorise it, you get back an
authorisation token which you store. You don't need to retain the
card details at all.
When you want to get the payment for the order later (for instance
you only charge on despatch like we do) then you send the
authorisation token to the payment provider system along with the
amount, they send the request to the merchant services system and
you get back a response - based on that response you release the
order or not. If you need to
refund, you send a refund request with the token and the amount and
again the payment provider does all the work.
Dan
Ron wrote on Tue, 30 Sep 2008 14:52:32 -0700:
Just wondering how big places like Amazon or Dell do it. I'm sure
they don't keep the credit card info on the web even for a few
minutes.
(Although I do like your idea).
"Daniel Crichton" <msnews@xxxxxxxxxxxxxxxx> wrote in message
news:e6fDqVxIJHA.4280@xxxxxxxxxxxxxxxxxxxxxxx
Ron wrote on Mon, 29 Sep 2008 11:47:33 -0700:
I need a shopping cart like setup where IIS is in a DMZ on the
Internet, but how do I securely have the web server talk to a SQL
server where the order will be kept? If I open the Firewall back
to an internal SQL seems like a port I should not open. Any links
to white papers on best practices?
TIA
Personally, I have IIS write to a SQL Server in the DMZ which
contains the read only product data and the order data, and use
SQL Replication via a Pull subscription to grab that data to
another SQL Server inside my
LAN at which point the order data is "cleaned" to only have data
left that is required for order tracking on the website itself.
This way the full order data exists for only a short time on the
DMZ server, and I don't have to allow the IIS or SQL Server in the
DMZ to open connections into the LAN.
--
Dan
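
The pull-then-clean pattern described in the earliest reply above, as an added example that is not part of the original thread. It models the two servers with in-memory sqlite3 databases as a stand-in (it is not SQL Server replication), and the table, column and function names are hypothetical.

```python
import sqlite3

# Hypothetical schema: table and column names are assumptions, not from the thread.
SCHEMA = """CREATE TABLE orders (
    order_id INTEGER PRIMARY KEY,
    status TEXT NOT NULL,
    customer_name TEXT,
    ship_address TEXT,
    auth_token TEXT,
    pulled INTEGER NOT NULL DEFAULT 0)"""


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def pull_and_scrub(dmz, lan):
    """Run from the LAN side: copy unpulled orders inward, then scrub the DMZ copy.

    Both steps use connections opened by the LAN host, so the DMZ server
    never needs to open a connection into the LAN. Returns orders pulled.
    """
    rows = dmz.execute(
        "SELECT order_id, status, customer_name, ship_address, auth_token "
        "FROM orders WHERE pulled = 0").fetchall()
    if not rows:
        return 0
    with lan:  # commit the LAN copy first; scrub only after it is stored
        lan.executemany(
            "INSERT OR REPLACE INTO orders "
            "(order_id, status, customer_name, ship_address, auth_token, pulled) "
            "VALUES (?, ?, ?, ?, ?, 1)", rows)
    ids = [(r[0],) for r in rows]
    with dmz:  # leave only what order tracking on the website needs
        dmz.executemany(
            "UPDATE orders SET customer_name = NULL, ship_address = NULL, "
            "auth_token = NULL, pulled = 1 WHERE order_id = ?", ids)
    return len(rows)


def demo():
    dmz, lan = make_db(), make_db()
    with dmz:  # constructed sample order, as the web tier would write it
        dmz.execute("INSERT INTO orders VALUES (1, 'placed', 'A. Customer', "
                    "'1 Example Street', 'TOKEN-CONSTRUCTED', 0)")
    pulled = pull_and_scrub(dmz, lan)
    return dmz, lan, pulled
```

The LAN copy is committed before the DMZ row is scrubbed, so an interrupted run leaves the order unpulled on the DMZ rather than lost.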