Yes, I would not use makeRequest to transmit credit card information - your best bet is to open an iframe to a https-protected payment form.
You can use makeRequest to establish a session, though. Basically, do a signed makeRequest call to http://yoursite.com/getsession which should validate the signed makeRequest call, create a new session and store the viewer_id in the session, and return the session ID number. Then open an iframe or popup to http*s*://yoursite.com/ payments?session_id=<session_id> to let the user input payment. Make sure that the session is fairly short lived, though (you may want to return a one time use token identifying the session, instead of the session id itself). ~Arne On Mar 10, 6:37 am, Sanjay <skpate...@gmail.com> wrote: > > So for sensitive information like credit card details, using https is still > > required since you don't only want to make sure it hasn't been changed in > > transit, you also want to make sure no one can read it, which is what https > > gives you. > > A vital input for me. Thanks a lot! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OpenSocial Application Development" group. To post to this group, send email to opensocial-api@googlegroups.com To unsubscribe from this group, send email to opensocial-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/opensocial-api?hl=en -~----------~----~----~----~------~----~------~--~---
