Hi,

You're welcome. I should also mention that one of the points of using Stripe is ensuring that credit card numbers never pass through the Evergreen server, thereby significantly simplifying attaining PCI compliance. The long list of domains to allow is part of the tradeoff.

Of course, nobody can guarantee that Stripe will never get subverted to the point where their systems distribute malware that would affect the OPAC stations, but Stripe has every motivation to work hard to prevent that, as that would be the sort of mistake that would cause existential problems for their business.

Regards,

Galen

On Wed, Dec 14, 2022 at 9:55 AM John Amundson <jamund...@cwmars.org> wrote:
>
> Thanks, Galen!
>
> That is very helpful.
>
> John
>
> John Amundson | Library Applications Supervisor | CW MARS
> jamund...@cwmars.org | 508-755-3323 x322
> https://www.cwmars.org
> he/him/his
>
>
> On Wed, Dec 14, 2022 at 9:53 AM Galen Charlton <g...@equinoxoli.org> wrote:
>>
>> Hi,
>>
>> On Wed, Dec 14, 2022 at 9:40 AM John Amundson via Evergreen-general
>> <evergreen-general@list.evergreen-ils.org> wrote:
>>>
>>> We have one library that wants to allow payments on OPAC-only computers but
>>> not have them fully open to the internet. We suggested allowing the entire
>>> *.stripe.com domain through. The library was not comfortable allowing the
>>> full domain, so I suggested adding the 30 or so domain names that Stripe
>>> suggests - https://stripe.com/docs/ips.
>>
>>
>> I don't think we have, or can have, any authoritative way to suggest a
>> subset of Stripe's own list that can be guaranteed to not break the
>> integration (or not interfere with technical measures that Stripe takes to
>> detect or combat credit card fraud). The most I can suggest is asking Stripe
>> directly whether any of the domains on that list (e.g.,
>> dashboard.stripe.com) are not strictly required for the payment integration
>> itself, as opposed to the websites that the library would need to access in
>> order to manage their Stripe account.
>>
>> Regards,
>>
>> Galen
>> --
>> Galen Charlton
>> Implementation and IT Manager
>> Equinox Open Library Initiative
>> g...@equinoxoli.org
>> https://www.equinoxOLI.org
>> phone: 877-OPEN-ILS (673-6457)
>> direct: 770-709-5581

--
Galen Charlton
Implementation and IT Manager
Equinox Open Library Initiative
g...@equinoxoli.org
https://www.equinoxOLI.org
phone: 877-OPEN-ILS (673-6457)
direct: 770-709-5581