Posted to users@tapestry.apache.org by Gareth <g0...@yahoo.co.uk> on 2006/11/27 17:35:25 UTC
Linking Tapestry to Online Payment Provider
Hi,
Apologies for this being seen as slightly off topic.
I'm trying to link my Tapestry application to the online payment provider NoChex.
They provide an interface page which I must forward to in order to pass responsibility for the currency transfer to them. This is either:
<GET>
url="https://www.nochex.com/nochex.dll/checkout?email=mysales@myco.com&amount=4.45"
or
<POST>
<input type="text" name="email">
<input type="text" name="amount">
</form>
My opinion was that to redirect / forward using a link from my webpage to theirs would be open to abuse since users could manually tweak the price by manipulating JavaScript. Is this understanding correct?
To prevent it, the only solution I could think of was to keep pricing and product details in the session, then redirect from a server side listener.
This works in the GET format, but I can't see how to convert it to a post. Also, if it were a post, I can't see how to set the response attributes (as if the form were submitted). Is there an easy way of doing this from tapestry?
The reason I wish to send a POST redirect as opposed to a GET is that I believe the user could manipulate the URL parameters if it is in that format.
I'd be really grateful if someone could clarify this whole issue for me please, as I'm new to this whole concept of online security (having never taken payments online before), and I can't seem to find any data sources to confirm / disprove my current understanding.
I've used raw J2EE before, but never to manually craft a POST response.
Many thanks
Gareth
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tapestry.apache.org
For additional commands, e-mail: users-help@tapestry.apache.org
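The approach described in the question above (price held on the server, redirect built by a server-side listener), as an added example that is not part of the original thread and is not Tapestry or NoChex code. Because a redirect URL still passes through the browser, it also compares the stored amount with the amount later reported as paid. The `widget` price table, the pending-order store and the way a payment report reaches `paidInFull` are assumptions.

```java
import java.math.BigDecimal;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;

public class CheckoutRedirect {
    // Endpoint, merchant e-mail and parameter names are the ones quoted in the post.
    static final String CHECKOUT = "https://www.nochex.com/nochex.dll/checkout";
    static final String MERCHANT = "mysales@myco.com";
    // Constructed sample price table; the application's own catalogue goes here.
    static final Map<String, BigDecimal> PRICES = Map.of("widget", new BigDecimal("4.45"));
    // Hypothetical server-side store of orders awaiting payment (order id -> amount due).
    static final Map<String, BigDecimal> PENDING = new ConcurrentHashMap<>();

    /** Called by the server-side listener. The request supplies a product id, never a price. */
    static String createOrder(String productId) {
        BigDecimal price = PRICES.get(productId);
        if (price == null) throw new IllegalArgumentException("unknown product: " + productId);
        String orderId = UUID.randomUUID().toString();
        PENDING.put(orderId, price);
        return orderId;
    }

    /** Builds the GET redirect target from the stored order only. */
    static String redirectUrl(String orderId) {
        BigDecimal due = PENDING.get(orderId);
        if (due == null) throw new IllegalStateException("no pending order " + orderId);
        return CHECKOUT + "?email=" + URLEncoder.encode(MERCHANT, StandardCharsets.UTF_8)
                + "&amount=" + URLEncoder.encode(due.toPlainString(), StandardCharsets.UTF_8);
    }

    /** Release goods only if the amount reported as paid equals the amount stored at checkout. */
    static boolean paidInFull(String orderId, String reportedAmount) {
        BigDecimal due = PENDING.get(orderId);
        if (due == null || reportedAmount == null) return false;
        try {
            return due.compareTo(new BigDecimal(reportedAmount)) == 0;
        } catch (NumberFormatException e) {
            return false; // a malformed amount is treated as unpaid
        }
    }

    public static void main(String[] args) {
        String id = createOrder("widget");
        System.out.println(redirectUrl(id));
        System.out.println(paidInFull(id, "4.45")); // reported amount equals the stored order
        System.out.println(paidInFull(id, "0.01")); // reported amount differs from the stored order
    }
}
```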
Re: Linking Tapestry to Online Payment Provider
Posted by spamsucks <sp...@rhoderunner.com>.
May I ask a little more about what your application does? Is it just a
shopping cart?
I have written Tapestry applications that integrate to payment providers
(payproflow, skipjack and cybersource), and am currently adding this feature
to a security framework that I have written that will allow users to make
purchases via credit card. http://www.authsum.org (uses Tapestry of
course!)
I was wondering if perhaps there is a match here.
phillip
----- Original Message -----
From: "Gareth" <g0...@yahoo.co.uk>
To: "Tapestry users" <us...@tapestry.apache.org>
Sent: Monday, November 27, 2006 11:35 AM
Subject: Linking Tapestry to Online Payment Provider
Hi,
Apologies for this being seen as slightly off topic.
I'm trying to link my Tapestry application to the online payment provider
NoChex.
They provide an interface page which I must forward to in order to pass
responsibility for the currency transfer to them. This is either:
<GET>
url="https://www.nochex.com/nochex.dll/checkout?email=mysales@myco.com&amount=4.45"
or
<POST>
<input type="text" name="email">
<input type="text" name="amount">
</form>
My opinion was that to redirect / forward using a link from my webpage to
theirs would be open to abuse since users could manually tweak the price by
manipulating JavaScript. Is this understanding correct?
To prevent it, the only solution I could think of was to keep pricing and
product details in the session, then redirect from a server side listener.
This works in the GET format, but I can't see how to convert it to a post.
Also, if it were a post, I can't see how to set the response attributes (as
if the form were submitted). Is there an easy way of doing this from
tapestry?
The reason I wish to send a POST redirect as opposed to a GET is that I
believe the user could manipulate the URL parameters if it is in that
format.
I'd be really grateful if someone could clarify this whole issue for me
please, as I'm new to this whole concept of online security (having never
taken payments online before), and I can't seem to find any data sources to
confirm / disprove my current understanding.
I've used raw J2EE before, but never to manually craft a POST response.
Many thanks
Gareth