You may want to consider a different approach to this that will end up being more secure than what I've seen proposed so far.
First, does your IIS site use SSL? If not, you can ignore the rest of what I'm about to propose.
What I would do is create a web service to do this and let the site running in IIS collect the payment info. Before you get all bent out of shape about XML parsing or using WebSphere, you don't need to use SOAP! You can do something that is more like (or maybe exactly like) REST. The way this will work is that you have the front end site call your CGI program passing name/value pairs. Your CGI program can then do what it needs to do and then respond with name/value pairs or maybe a small, easy to generate XML message. I did something very similar to this 11 years ago (wasn't for credit cards) and it worked very well. BTW, AJAX calls typically work this way so you aren't really doing anything weird or new.
If you go this route, you need to set up your CGI program so it only runs over SSL, can't be called externally, and I'd also require the calling application to authenticate when it makes the calls.
Matt
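The three checks suggested in the reply above (SSL only, not callable externally, caller must authenticate), sketched as an added example that is not part of the original post and is written in Python rather than RPG. The shared secret, caller address, field names (`ts`, `sig`) and the HMAC scheme are assumptions, as is a server that exposes `HTTPS=on` and `REMOTE_ADDR` to CGI programs the way Apache-style servers do.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, urlencode

# Assumptions for illustration only; none of these values come from the thread.
SHARED_SECRET = b"constructed-demo-secret"   # provisioned on both servers
ALLOWED_CALLERS = {"10.0.0.5"}               # internal address of the IIS box
MAX_SKEW_SECONDS = 300                       # limits replay of old requests


def sign(pairs, secret=SHARED_SECRET):
    """HMAC-SHA256 over the name/value pairs, sorted so both sides agree."""
    canonical = urlencode(sorted(pairs.items()))
    return hmac.new(secret, canonical.encode(), hashlib.sha256).hexdigest()


def check_request(environ, body, now=None):
    """Return (ok, reason) for a CGI request given its environment and body."""
    now = time.time() if now is None else now
    # 1. Only run over SSL.
    if environ.get("HTTPS", "").lower() != "on":
        return False, "not-ssl"
    # 2. Not callable externally: accept only the known front-end server.
    if environ.get("REMOTE_ADDR") not in ALLOWED_CALLERS:
        return False, "caller-not-allowed"
    # 3. Caller authenticates: timestamped HMAC over every other pair.
    pairs = dict(parse_qsl(body, keep_blank_values=True))
    sig = pairs.pop("sig", "")
    try:
        ts = int(pairs.get("ts", ""))
    except ValueError:
        return False, "bad-timestamp"
    if abs(now - ts) > MAX_SKEW_SECONDS:
        return False, "stale"
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), sign(pairs).encode()):
        return False, "bad-signature"
    return True, "ok"


def respond(ok, reason):
    """Reply with name/value pairs, as the post suggests."""
    return urlencode({"status": "OK" if ok else "REJECTED", "reason": reason})
```

The address check complements, and does not replace, a firewall or server rule that keeps the CGI endpoint off the public network.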
----------------------------------------------------------------------
message: 1
date: Thu, 29 Apr 2010 13:33:08 -0400
from: Mike Cunningham <mike.cunningham@xxxxxxx>
subject: [WEB400] How would I do a paypal type redirect using RPG CGI?
We run an IIS web server for public access and an iSeries web server for secure things. We have an IIS based application that needs to get credit card information but want that to be collected by an iSeries application (we have existing iSeries based credit card processes using Curbstone). Very much like a paypal process. The IIS form collects all the necessary information except the credit card info, redirects the user to the iSeries app and passes amount and name and a few other things. iSeries app asks for credit card info, validates it, encrypts it, etc, etc and then needs to return to the "calling" application and pass back if the credit card part was valid or not. (Doesn't really have to do this but the group that controls the IIS side of our organization wants to know and show the user a second confirmation (or rejection) page.)
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.