There's been a lot of discussion already regarding Public Key
Cryptography. Just to make sure I am reading your post correctly, the
process is the following:

1. user adds items to shopping cart on e-commerce server A

2. when user is ready to check out, the following process occurs.
   e-commerce server A  ---- sends total ----> your servlet on server B

3. servlet on Server B performs actual transaction and charges the
credit card.
   servlet on Server B  ---- sends message saying "paid" ----> e-commerce server A

4. e-commerce server A then finishes the checkout process and saves the
order.

If that is an accurate description of the process flow, there are
several very important issues that have to be taken into consideration,
which are due to tax and other laws.  A business is not allowed to
charge a credit card, until it has the product ready to ship. Therefore
in step 3, the only thing the system should do is verify the credit card
is valid. I'm guessing this isn't an Amazon-size e-commerce site, so you
really don't need step 3 at all. Depending on which third party site you
use to verify the credit card, their own process will determine the
protocol for step #3.

In general terms, you don't want to use redirect for processes that
involve money and credit card information. If you're just sending a
total, there's no need to encrypt it. Encrypting "32.99" doesn't make
much sense. On the other hand, if you are sending credit card and other
sensitive information, then definitely use SSL.  There's a variety of
ways to do RPC (remote procedure calling), so that is a lengthy topic.

You may have to go with an application server, since that is what they
are designed to do. If you want more detailed help from the mailing
list, providing more details about the process flow would help.

peter


Laura wrote:
> 
> Hi all,
> 
> thanks for your advice.
> 
> Well, I have never worked with encryption.  Well I know what is RSA, but how
> can I implement it? Do I have to install something? What have I to use to
> implement and use an RSA algorithm?
> 
> Thanks
> 
> Laura
> 
>
