>From what I understand, the user fills out the form on your website with their credit card information, etc. You process that form, put in the transaction details sans the credit card # into your database and then process the payment using the cfhttp post to secpay.
The connection from your server to secpay is secure as they are using SSL (https). If the user is viewing your page over http (and not submitting to your server over https), then that connection is not secure, and you should at least use a self generated certificate to install ssl. A self generated certificate will give user's warnings, but at least their connection will be secure. The proper way to do this, of course, would be to buy a certificate from a trusted third party (verisign, thawte, a bunch of cheaper third party ones). Russ > -----Original Message----- > From: Spydersweb Internet Solutions [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 13, 2006 10:21 AM > To: CF-Talk > Subject: RE: CFHTTP / SSL and Secpay Payments > > Russ, hi > > thanks for the help > > Can I just clarify your response please > > If the end user is viewing the secpay secure page in this way it is not > using the security provided by secpay via their ssl certificate? > > I am not storing credit cards in the database, just the transaction > details, > ie name price and what ever the response from secpay is eg authorised etc. > > Graham > -----Original Message----- > From: "Russ" <[EMAIL PROTECTED]> > To: CF-Talk <cf-talk@houseoffusion.com> > Date: Tue, 13 Jun 2006 10:20:03 -0400 > Subject: RE: CFHTTP / SSL and Secpay Payments > > > When you do a cfhttp request, it does it on the server side. There is > > nothing that gets shown on the browser. If you're using an https url, > > it > > should be secure. If you want to show a browser lock to your users, > > you > > will have to use https on your server (and if you're not, then their > > data is > > not secure, even if you're passing it to secpay over https). Also > > storing > > cc's in your database is a bad idea, as it opens you up to all sorts of > > liabilities. > > > > Russ > > > > > -----Original Message----- > > > From: Spydersweb Internet Solutions > > [mailto:[EMAIL PROTECTED] > > > Sent: Tuesday, June 13, 2006 10:07 AM > > > To: CF-Talk > > > Subject: CFHTTP / SSL and Secpay Payments > > > > > > Dear All > > > > > > I am utilising a SECPAY payment authorisation service to process > > client > > > payments. > > > > > > I collect data via a form, do a database insert with it and then do a > > > cfhttp > > > post to Secpay's Secure server. > > > > > > I have only just noticed that when I do the post I do not get to see > > the > > > https in the url nor do I see the secure lock in the bottom part of > > the > > > browser window. > > > > > > I therefore have two questions: > > > > > > 1) Is the connection still secure to the secpay server? > > > 2) Is it possible to show the https or the padlock in the bottom of > > the > > > browser window? > > > > > > Code listing: > > > > > > <cfhttp method="Post" > > > url="https://www.secpay.com/java-bin/ValCard";> > > > <cfhttpparam name="merchant" type="formfield" > > value="#REQUEST.merchant#"> > > > <cfhttpparam name="trans_id" type="formfield" > > value="#REQUEST.trans_id#"> > > > <cfhttpparam name="amount" type="formfield" > > > value="#REQUEST.field_amount#"> > > > <cfhttpparam name="callback" type="formfield" > > value="#REQUEST.callback#"> > > > <cfhttpparam name="test_status" type="formfield" value="live"> > > > <cfhttpparam name="template" type="formfield" > > > value="http://www.secpay.com/users/digita02/temp.html";> > > > <cfhttpparam name="options" type="formfield" value="cb_post=true"> > > > <cfhttpparam name="currency" type="formfield" > > > value="#Request.field_currency#"> > > > <cfhttpparam name="bill_name" type="formfield" > > > value="#REQUEST.field_name#"> > > > <cfhttpparam name="bill_company" type="formfield" > > > value="#REQUEST.field_company#"> > > > <cfhttpparam name="bill_email" type="formfield" > > > value="#REQUEST.field_email#"> > > > <cfhttpparam name="bill_tel" type="formfield" > > > value="#REQUEST.field_phone#"> > > > <cfhttpparam name="bill_addr_1" type="formfield" > > > value="#REQUEST.field_address1#"> > > > <cfhttpparam name="bill_addr_2" type="formfield" > > > value="#REQUEST.field_address2#"> > > > <cfhttpparam name="bill_city" type="formfield" > > > value="#REQUEST.field_town#"> > > > <cfhttpparam name="bill_state" type="formfield" > > > value="#REQUEST.field_county#"> > > > <cfhttpparam name="bill_post_code" type="formfield" > > > value="#REQUEST.field_postcode#"> > > > <cfhttpparam name="bill_country" type="formfield" > > > value="#REQUEST.field_country#"> > > > <cfhttpparam name="mail_merchants" type="formfield" > > > value="[EMAIL PROTECTED]:[EMAIL PROTECTED]"> > > > <cfhttpparam name="mail_attach_customer" type="formfield" > > value="false"> > > > <cfhttpparam name="mail_attach_merchant" type="formfield" > > value="false"> > > > <cfhttpparam name="mail_customer" type="formfield" value="true"> > > > <cfhttpparam name="mail_subject" type="formfield" value="MacVideo: > > Order > > > Confirmation #REQUEST.trans_id#"> > > > </cfhttp> > > > <html> > > > <head> > > > <title></title> > > > </head> > > > <body> > > > <cfoutput> > > > #cfhttp.filecontent#<br> > > > </cfoutput> > > > </body> > > > </html> > > > > > > Any help offered is greatly appreciated. > > > > > > regards > > > Graham Cole > > > [EMAIL PROTECTED] > > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:243338 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
