RE: Re: FN-FORUM: credit card payments without pages hosted on providers servers

date posted 2nd October 2006 16:32

>
[EMAIL REMOVED] wrote:
>>> Of course, the alternative is to customise the pages on the remote
>>> processing server, and then possibly pull that page directly into your
>>> app, masking the source?
>>>
>>> Rich.
>>>
>>>
>>
>> That might turn out to be a highly workable alternative...
>>
>If you do this, how are you going to post the user's data back to the
>processing server? The processing server probably won't accept the
>modified page directly from the user's browser as cookies and/or hidden
>fields tied to your IP address are likely to be required. If your server
>has to act as a man-in-the-middle, for all intents and purposes this is
>the same as the API method, with the disadvantage of your code possibly
>breaking if the processing server changes their page layout in any way.
>
>Dave


I have been assured by our (usually very compitant) head techy that they can 'manipulate web pages invisibly' from within the software using HTTP ports. As I understand it (and I dont - really) they'll be opening a connection to the page which the server will see as a normal HTTP request and will respond in the normal way, but everything will be invisible to the user. He also tells me they have sure-fire ways of encrypting the data being autocompleted as it transfers from the software to the hidden page and that they can manipulate the forms and so on in the same way a user would, including submits and so on. I have confidence they can do it if he says so, its just finding a company that'll let us!