|Secure Server Questions|
|Secure Server Questions|
Author Simon on 10-09-2000 at 06:39 (EST)
I have recently purchased uStorekeeper for a client, and I have the same problem as Julian (http://www.uburst.com/dcforum/ustore_config/31.html)
My secure server is a shared certificate hosted at FutureQuest, and it appears that it is also not on the same physical server as my main server.
I have a few questions:
1. In order to use the security, will I have to run the application entirely on the secure server?
2. Though no mention is made of this in the installation instructions, I assume that it is necessary to create the same directory structure on the secure server, and upload the same files to the same locations there - correct?
3. Authorize.net appears to cater for US merchants only - do you have any plans for an Australian authorization service?
Thanks for your help.
|Messages In This Discussion|
| 1. RE: Secure Server Questions|
Author Bill Weiner on 10-09-2000 at 15:30 (EST)
|As described at that post:|
... the "cart" files and "settings" files must be accessible to both the public and secure pages.
That is, during runtime, the "ustorekeeper.pl" runtime script will be accessed first via it's public URL (while the customer is browsing the store and adding items to his/her shopping cart)...and then when the customer is ready to check out, will be accessed via it's secure URL to handle collecting the customer's billing and payment information. Because the billing and payment information will be related to the items in the shopping cart, that cart file that was used save the items that the customer selected, must also be accessible to the script accessed via the secure URL.
In summary, the "ustorekeeper.pl" script that is accessed via your public (http) URL and the "ustorekeeper.pl" script that is accessed via your secure (https) URL.... must both be able to access the same physical "data" directory. Typically, this means that the public server and the secure server must be physically the same server.
So in regard to your questions:
1) Yes, you could technically run the entire store off of your secure server. This can be done by installing the scripts on your secure server and specifying all of the public URL configuration questions to be identical to the secure URL configuration questions. The obvious downside to this is that all of the regular store pages would be slower (because they would be encrypted via your secure server).
The other option is that if you use one of the built-in payment processing systems, then technically, you don't need a secure server... because the sensative payment information would be collected on the secure Authorize.Net/PlanetPayment/or LinkPoint servers....and never actually stored on your server anyway.
2) If you were to install the scripts entirely on your secure server, then yes, setup the same directory structure and everything. Just be sure that you specify all of the public URL configuration questions to be identical to the secure URL configuration questions.
3) Yes, we do have plans to develop additional payment processing interfaces.... (I think camtech is on our list for Australia).... but I can't give any estimates on when such interfaces will be complete. In the mean time, you may want to look into the PlanetPayment interface opton... As I believe "PlanetPayment" is available to merchants outsite the U.S.