aolXFT

asked on

StormPay IPN (and other possible payment options)

Hi

I'm considering adding payment possibilities to a PHP script I am developing. I think the first way I'll do this will be through StormPay.

I've read somewhere that Stormpay have an IPN system, where they call a script on your server, to confirm that a page has been called.

I can't find any documentation on this IPN system, but from what I do know (which isn't an awful lot), Stormpay get a request from my client, they verify details, they send the IPN to a confirmation page on my server, and then they forward the user to my "thank you" page.

Any links on where I can get more information on this would be appreciated.

Also what security precautions would need to be taken regarding this.

I'm aware that CC Card security is taken care of by StormPay's server, but how do I make sure that people don't simply access the confirmation page (the page my server uses to confirm that they've paid) directly, without paying the money to Stormpay? I know I could make sure the IP address calling the page is the one used by the IPN, but can't IP addresses be spoofed?

I know I'm not going to get a 100% secure solution, but I'd like to close up any known security holes, to make it as difficult as possible.

Any information on what alternatives are available besides stormpay(besides paypal), as well as their pros and cons would also be appreciated.

Since this question is in parts, I'll award points for the different parts, if someone answers one part of the question and not another. I'll also add more points if the answer(or any part of the answer) proves to be more complex than I thought, or is merited by 300 points.
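
The confirmation-page concern raised in the question above, as an added example that is not part of the original post or of any answer on this page. It assumes the processor offers some way to confirm a notification (passed in as the hypothetical `$confirm` callback); the field names `order_id`, `txn_id`, `amount` and `currency` are also assumptions, not StormPay's or PayPal's documented parameters.

```php
<?php
// Added example. Field names (order_id, txn_id, amount, currency) and the
// $confirm callback are assumptions, not StormPay's or PayPal's actual API.

// Decide whether a notification may mark an order as paid.
function handle_ipn(array $post, array &$orders, array &$seenTxns, callable $confirm): string
{
    // 1. Authenticity: have the processor confirm the message (postback or
    //    shared secret) instead of trusting the caller's IP address.
    if (!$confirm($post)) {
        return 'rejected: not confirmed by processor';
    }
    // 2. The order must exist in our own records and still be unpaid.
    $id = (string) ($post['order_id'] ?? '');
    if (!isset($orders[$id]) || $orders[$id]['paid']) {
        return 'rejected: unknown or already paid order';
    }
    // 3. Compare against the price stored server-side, in integer cents.
    $amount = $post['amount'] ?? null;
    if (!is_numeric($amount)
        || (int) round((float) $amount * 100) !== $orders[$id]['cents']
        || ($post['currency'] ?? '') !== $orders[$id]['currency']) {
        return 'rejected: amount or currency mismatch';
    }
    // 4. Accept each processor transaction id only once (replay protection).
    $txn = (string) ($post['txn_id'] ?? '');
    if ($txn === '' || isset($seenTxns[$txn])) {
        return 'rejected: missing or replayed transaction id';
    }
    $seenTxns[$txn] = true;
    $orders[$id]['paid'] = true;
    return 'accepted';
}

// Constructed sample data; a real script would use its database.
$orders = ['1001' => ['cents' => 1999, 'currency' => 'USD', 'paid' => false]];
$seen = [];
$msg = ['order_id' => '1001', 'txn_id' => 'T-1', 'amount' => '19.99', 'currency' => 'USD'];
$yes = fn(array $p): bool => true;   // stand-in: processor confirms the message
$no  = fn(array $p): bool => false;  // stand-in: processor does not know it

echo handle_ipn($msg, $orders, $seen, $no), "\n";   // direct hit on the URL
echo handle_ipn(['amount' => '0.01'] + $msg, $orders, $seen, $yes), "\n"; // underpaid
echo handle_ipn($msg, $orders, $seen, $yes), "\n";  // genuine notification
echo handle_ipn($msg, $orders, $seen, $yes), "\n";  // same notification again
```

The "thank you" page grants nothing in this design; only the confirmed notification changes the order's state.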
SOLUTION
duz
This solution is only available to members.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
aolXFT

ASKER

duz: That page gives information specific to stormpay, but it lacks clear information on the subject. It doesn't give a very clear explanation of the system.

AsbornG: Considering the amount of bad comments I've heard about PayPal and EBay, I was a bit hesitant. Since however I'm not going to be using them myself. This script is for a GPL Project I'm working on - although I might make the payment module a pay-for module (if people are going to be charging for services provided by my script, they might as well fork some money back to me :) ). I probably will write a module for PayPal's system.

The nature of the project makes StormLock not-an-option.

Since I'll probably be doing this for more than Stormpay, and since I'm sure Stormpay's IPN system is similar to PayPal's, and PayPal's is better documented, I think I'll accept Ashborn's answer, with duz's as assisting, if I can find the button to split the points.