Hi, On Wed, Dec 14, 2022 at 9:40 AM John Amundson via Evergreen-general < evergreen-general@list.evergreen-ils.org> wrote:
> We have one library that wants to allow payments on OPAC-only computers > but not have them fully open to the internet. We suggested allowing the > entire *.stripe.com domain through. The library was not comfortable > allowing the full domain, so I suggested adding the 30 or so domain names > that Stripe suggests - https://stripe.com/docs/ips. > I don't think we have, or can have, any authoritative way to suggest a subset of Stripe's own list that can be guaranteed to not break the integration (or not interfere with technical measures that Stripe takes to detect or combat credit card fraud). The most I can suggest is asking Stripe directly whether any of the domains on that list (e.g., dashboard.stripe.com) are not strictly required for the payment integration itself, as opposed to the websites that the library would need to access in order to manage their Stripe account. Regards, Galen -- Galen Charlton Implementation and IT Manager Equinox Open Library Initiative g...@equinoxoli.org https://www.equinoxOLI.org phone: 877-OPEN-ILS (673-6457) direct: 770-709-5581 <http://evergreen-ils.org>
_______________________________________________ Evergreen-general mailing list Evergreen-general@list.evergreen-ils.org http://list.evergreen-ils.org/cgi-bin/mailman/listinfo/evergreen-general
