  1. #1

    Help needed on architecting a process

    I need some help in architecting this process. Two goals are of the utmost importance: 1) Speed 2) Security.

    Here's the scenario:

    Domain A, Domain B, ... Domain Z sell a service to their customers on my behalf (keeping a commission). Once the transaction is processed (money collected from the consumer by the Domain), the Domain passes to me a transaction # (which I will use for billing purposes) along with some sensitive customer information (i.e. consumer's SSN and DOB).

    I create a database entry on my server storing the consumer's data and issuing a 10-character unique ID # that contains letters and numbers. The unique ID is returned to the originating Domain where the consumer is given this unique ID # for their records and so that they may then use this ID in the future with other partners (Domain A, Domain B, ... Domain Z).

    The Domain (could be A, B, ... Z) will request information from me using that unique ID # and upon receipt of that request I have to pass back a whole series of data (9 unique strings).

    I figure the best way to set this up is to pass the data back and forth in XML packets but I have no clue how to really set that up as a token/id/etc transaction. Also, I don't want just anyone to be able to request data using the unique ID, it must be a KNOWN business partner that has an established account with us.

    Any thoughts on the best way to set this up?

    Thanks,

    Pete

  • #2
    Fumigator
    As long as you use SSL I don't see a problem. You will of course need to store the originating domain with each customer record, so you can restrict release of data to only that domain.

    How much of this process will have human intervention?

  • #3
    Also use var_filter to escape MySQL query strings, etc.

  • #4
    Quote, originally posted by Fumigator:
        As long as you use SSL I don't see a problem.
        How much of this process will have human intervention?

    Agreed. SSL is a requirement.

    I was thinking that I would have a subdomain for each partner: https://domaina.mycompany.com/originate.php - that way I always know who should be calling and can do some quick security checks.

    I'm having problems with the XML process, not the actual coding of the XML data but with the best way to exchange it.

    If you look at the Google API you request a token, a token is provided, then you use that token to request data (i.e. address book entries). Most users have patience for that process; however, in my case we have 10 million users causing daily transactions.

    Processing 10 million requests per day with two passes required to collect 1 XML packet/file which contains 10 100-byte strings of data is simply too much traffic and would slow our partners down considerably.

    Also, how do you actually return an XML packet/stream to the caller? I'm not responding to a browser so the echo command won't work... I figure there is a way to do this in PHP but I don't know how.

    Thanks,

    Pete
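
Added example, not part of any post in this thread: one way to meet the two requirements raised above (only known partners may query by ID, and no separate token round trip) is to have each partner sign every request with a per-partner shared secret, sent over SSL. The HMAC scheme, the `X-Partner`, `X-Timestamp` and `X-Signature` header names, the secret and the record fields are all assumptions of this example; the XML reply is written with `echo` after a `Content-Type` header, which works for any HTTP client.

```php
<?php
// Added example. Partner names, secrets, header names and record fields are constructed.
const PARTNER_SECRETS = ['domaina' => 'constructed-secret-for-domain-a'];
const MAX_SKEW = 300; // seconds a signed request is accepted, which limits replay
// The signature covers partner, timestamp and body so none of them can be swapped.
function sign(string $partner, string $ts, string $body, string $secret): string {
    return hash_hmac('sha256', "$partner\n$ts\n$body", $secret);
}

function verify(string $partner, string $ts, string $body, string $sig, int $now): bool {
    $secret = PARTNER_SECRETS[$partner] ?? null;
    if ($secret === null || !ctype_digit($ts) || abs($now - (int) $ts) > MAX_SKEW) {
        return false;
    }
    return hash_equals(sign($partner, $ts, $body, $secret), $sig); // constant-time compare
}

function toXml(string $rootName, array $fields): string {
    $doc = new DOMDocument('1.0', 'UTF-8');
    $root = $doc->appendChild($doc->createElement($rootName));
    foreach ($fields as $name => $value) { // createTextNode escapes <, > and &
        $root->appendChild($doc->createElement($name))->appendChild($doc->createTextNode($value));
    }
    return $doc->saveXML();
}

// Returns [HTTP status, XML body]; the request body is the 10-character unique ID.
function handle(string $partner, string $ts, string $sig, string $body, int $now): array {
    if (!verify($partner, $ts, $body, $sig, $now)) {
        return [401, toXml('error', ['message' => 'unknown partner or bad signature'])];
    }
    if (!preg_match('/^[A-Za-z0-9]{10}$/D', $body)) {
        return [400, toXml('error', ['message' => 'malformed id'])];
    }
    // Stand-in for a parameterised database lookup of the stored strings.
    return [200, toXml('record', ['id' => $body, 'field1' => 'constructed value'])];
}

if (PHP_SAPI !== 'cli') { // web request: one round trip, XML sent with echo
    [$status, $xml] = handle($_SERVER['HTTP_X_PARTNER'] ?? '', $_SERVER['HTTP_X_TIMESTAMP'] ?? '',
        $_SERVER['HTTP_X_SIGNATURE'] ?? '', file_get_contents('php://input'), time());
    http_response_code($status);
    header('Content-Type: application/xml; charset=UTF-8');
    echo $xml;
} else { // command-line demo with a constructed, correctly signed request
    $ts = (string) time();
    $sig = sign('domaina', $ts, 'AB12CD34EF', PARTNER_SECRETS['domaina']);
    echo handle('domaina', $ts, $sig, 'AB12CD34EF', time())[1];
}
```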

