The Forums on slxdeveloper.com are now retired. The forum archive will remain available for the time being. Thank you for your participation on slxdeveloper.com!
|
|
Where does the script run from - fat client PCs or SLX Server
Posted: 01 Aug 08 1:26 PM
|
I would like to know where the scripts run from since I would like to choose the right solution for processing credit cards from SLX fat client (not the web client). I have found the following 3 solutions for processing credit cards from SLX fat clients, but am concerned about the encryption of data when the data is transmitted (posted) to the payment gateway's secured site. I have tested all the 3 solutions in test environments and they work.
Solution 1 - Post data to the payment gateway's secured site using xmlhttp (the way Ryan has shown to Retrieve the LinkedIn Search Results in the article "Integrating SalesLogix Leads with LinkedIn"). This solution is easy to implement since there is no need to add .Net assembly (unlike the other 2 solutions I have explained below). My main concern here is, if the script (in the Script tab of SLX Form) runs from the fat client PCs, then the credit card number (and other data) will not get encrypted unless I explicitly use xml Encryption and I am not sure if I can code for XML Encryption within SLX Form plugin. If it runs from the SLX Server and if SSL is installed in the SLX server, then the data may get encrypted. I would like to know if anyone has any clear answer to this question. Other security concerns in this approach is the exposure of the login id and password for posting data to payment gateway's secured site. I could use SLXRWEL.SLXRWEOBJ to decrypt the login id and password that can be stored in an encrypted format in some table. But still it would be risky.
Solution 2 - Post the data to the payment gateway's secured site using .Net component "webclient" (in System.Net namespace). For this I created a .Net Extension following the example shown in Ryan's article "Introduction to .NET in SalesLogix Version 7". When I added the assembly for this .Net extension, I found that the only dependency for this extension was the .pdb file (the debugger file?) and so the requirement is to place the .pdb file in the flat client server. Here I assume that the data gets transmitted from the SLX server since the dll is not present in the fat client PCs. Am I right in this assumption?
Solution 3 - Post the data to the payment gateway's secured site using a 3rd party dll. For this I created a .Net Extension following the example shown in Ryan's article "Introduction to .NET in SalesLogix Version 7" and included in it the third party dll reference. When I added the assembly for this .Net extension, I found that the third party dll was a dependency and so I had to place the dll in the fat client PCs. Here I assume that the data gets transmitted from the fat client PCs. Am I right in this assumption?
My understanding is that when data entered in a web form hosted on a server with SSL certificate installed the web browser that is used (IE or Firefox or Netscape) takes care of encryption of the data while transmitting it and the encryption is usually 128 bit encryption. I am not sure of the strength of encryption if any of the data that gets transmitted from a fat client PC. I guess it is 40 bit encryption since, at least in test environment, my solutions work and the payment gateway's requirement is to have at least 40 bit encryption. But 40 bit encryption is easy to hack.
I would appreciate if anyone could clarify this matter.
Thanks.
Ram |
|
|
|
Re: Where does the script run from - fat client PCs or SLX Server
Posted: 01 Aug 08 1:33 PM
|
| A typo in my original post. Under Solution 2 I have said "..........so the requirement is to place the .pdb file in the flat client server. " Please read it as "...........so the requirement is to place the .pdb file in the flat client PCs." |
|
|
|
Re: Where does the script run from - fat client PCs or SLX Server
Posted: 02 Aug 08 7:41 AM
|
Ram, in the windows client the scripts (VB scripts) run in the client application. There are abilities to run script in the sync client as well I believe. The .pdb file is a debug file, why does that have to be deployed to the client. If you are doing so as a .net extension the file and building in debug mode the file will be deployed as an assembly reference.
Mark |
|
|
|
Re: Where does the script run from - fat client PCs or SLX Server
Posted: 02 Aug 08 7:48 AM
|
Ok, so I re-read, sorry really tired this morning. The only reason the .pdb file is required is because it si compiled in debug mode otherwise this file would not exist. The assembly and all of its dependencies will be synced out to the users machine and run locally. When using the .net extensions that is the benefit. You do not have to put the assembly on any one elses machine. The one caviet is in the case where an assembly needs to be registered with the GAC but this is not the norm for .net extension development. I would suggest going the 3rd party route where the communications and contract have already been tested. They will support the level of encryption required by the processor to complete the transaction.
Mark |
|
|
| |
|