[Zope] Security questions all around.

Alec Munro alec.munro@eoascientific.com
Mon, 27 Jan 2003 13:52:52 -0400


Hi all,

I've got a bundle of possible security questions.

First off, I am trying to do credit card processing.


The way I have it set up I have a few possible ways to do this, each 
with their own roadblock.

First off, and the way I would ideally like to do it, since I have 
invested the most time in it, is calling a python script that would make 
an HTTPS connection to the payment gateway, process the returned 
information, and give the user some feedback. A plus of this method is 
that the user never leaves my site. The current problem is my limited 
understanding of SSL. I get a SSL_CTX_use_PrivateKey_file error, raised 
in the httplib module.


Second, I can have the user submit the data directly to the payment 
gateway, and allow the payment gateway to redirect them back to a 
summary page. The problem is then confirming that the user is actually 
being redirected. My payment gateway returns the data signed with PGP, 
but I have almost never worked with PGP, and I would have little idea 
where to start.

Any help at all would be appreciated.

Thanks,

Alec Munro