Question

I have a Rails application which has a payment form. As shown on the official website, I create a new credit card like this:

attributes = params[:credit_card]
credit_card = ActiveMerchant::Billing::CreditCard.new(
  :number     => attributes[:number],
  :month      => attributes[:month],
  :year       => attributes[:year],
  :first_name => attributes[:first_name],
  :last_name  => attributes[:last_name],
  :verification_value  => attributes[:verification_value]
)

It works, but it's not very secure because it passes data in the clear on the POST request, after submitting the form.

What is the best way to secure my application? I have seen this railscast, but it's not very applicable to ActiveMerchant.

I can use SSL, but is it enough? I am using Heroku, so to have SSL I simply have to use https instead of http.

Solution

Having your payment calls go through the HTTPS protocol is the best way. In fact, even if you found a better way to obfuscate the data you are sending, if the counterpart does not share the same logic it will be useless.

All sensitive and risky data like this should live only under the HTTPS protocol.
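
The advice above enforced in code, as an added example that is not part of the original answer: a Rack-style middleware in plain Ruby that refuses form POSTs arriving over plain HTTP and redirects GETs to HTTPS. It assumes a TLS-terminating proxy (such as Heroku's router) that sets X-Forwarded-Proto; the class name, the host `shop.example` and the stand-in payment app are hypothetical.

```ruby
# Added example, not from the original post. Assumes a TLS-terminating proxy
# (such as Heroku's router) that sets X-Forwarded-Proto on every request.
class RequireHttps
  HSTS = 'max-age=31536000'

  # host: canonical hostname for redirects (avoids trusting the Host header).
  def initialize(app, host:)
    @app = app
    @host = host
  end

  def call(env)
    if secure?(env)
      status, headers, body = @app.call(env)
      # HSTS makes browsers use HTTPS for later requests to this host.
      return [status, headers.merge('strict-transport-security' => HSTS), body]
    end
    if %w[GET HEAD].include?(env['REQUEST_METHOD'])
      # No form data has been sent yet: redirect to the HTTPS URL.
      query = env['QUERY_STRING'].to_s
      location = "https://#{@host}#{env['PATH_INFO']}"
      location += "?#{query}" unless query.empty?
      [301, { 'location' => location }, []]
    else
      # A plain-HTTP POST has already exposed its body on the wire; refuse it
      # so the form cannot silently keep working without TLS.
      [403, { 'content-type' => 'text/plain' }, ["HTTPS required\n"]]
    end
  end

  private

  def secure?(env)
    env['HTTP_X_FORWARDED_PROTO'].to_s.strip.downcase == 'https' ||
      env['rack.url_scheme'] == 'https'
  end
end

# Constructed stand-in for the controller that builds the CreditCard object.
PAYMENT_APP = ->(_env) { [200, { 'content-type' => 'text/plain' }, ["charged\n"]] }
GUARDED_APP = RequireHttps.new(PAYMENT_APP, host: 'shop.example')

# Helper that simulates a request as the proxy would forward it (constructed input).
def simulate(method, proto, path = '/payments')
  GUARDED_APP.call('REQUEST_METHOD' => method, 'PATH_INFO' => path,
                   'QUERY_STRING' => '', 'rack.url_scheme' => 'http',
                   'HTTP_X_FORWARDED_PROTO' => proto)
end
```

In a Rails application, the built-in `config.force_ssl = true` setting covers the redirect and the HSTS header.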

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow