Posted by: deke
Posted on: 2002-06-15 03:06:00
Is anybody currently using Paypal's Instant Payment Notification?
It requires the use of HTTPS. Will it work with the $10 "testing" certificates that Dreamhost generates, or does it require something like the Thawte certificate?
For that matter, does the same certificate work for LWP and Crypt:SSLeay as for offering secure pages to users, or do you need something special?
Posted by: wil
Posted on: 2002-06-19 15:04:00
> $10 "testing" certificates
Can you provide a link? Haven't heard of these.
Wil
Posted by: deke
Posted on: 2002-06-19 16:43:00
https://kbase.newdream.net/index.cgi?area=2594
Posted by: will
Posted on: 2002-06-19 16:48:00
That's just saying that we'll waive the fee to generate a CSR (certificate signing request) for Strictly Business customers.
There is no $10 "testing certificate" that I'm aware of.
I'm pretty sure you're stuck with using a certificate from Thawte, Verisign or one of these other companies.
I wish there was a way that we could allow people to use self-signed certificates for internal stuff, but I'm pretty sure we can't do this - not so much for technical reasons, but because there's a good chance someone would abuse this and try to mislead customers into believing that the certificate was signed by a trusted CA.
Posted by: zentao
Posted on: 2002-06-19 16:55:00
One of our clients uses PayPal. It does not require SSL on site. That's handled on PayPal's site. And she does receive instant notification. IPN is as far as I know just a switch the account holder sets in their PayPal account. Can you be more specific as to your difficulty?
BTW, many regular surfers refuse to use PayPal. And NJ residents cannot use them by law. You might use this service instead: http://www.c2it.com They are a real bank and credit card service provider, and they do not require customers to sign up like PayPal does.
zentao web design, graphic art and design at www.zentao.com
zentao7, Gallery of Artists and Speculative Novel Writers Groups
Posted by: wil
Posted on: 2002-06-20 02:57:00
And just to answer your second question(?), LWP will work with Crypt::SSLeay which in turn will worth with official certiciates from Thawte amongst others.
However, to run Srypt::SSLey, from what I remember you need to install OpenSSL or SSLeay locally on the server that will be accessing the secure document. I'm not sure if the regular Dreamhost machines have this installed. I've never actually checked to see if https are hosted on another machine somewhere. I don't think they are...
Cheers
Wil
Posted by: deke
Posted on: 2002-06-20 08:02:00
According to the PayPal documentation, when you are using IPN, after their software sends information to the secure URL that you specify, you need to respond to a secure URL that they provide.
Setting up the secure URL to provide them is no problem; there's lots of documentation on that. And I've done some programming where I fetch files in Perl via http. But the whole security certificate thing for clients has me confused.
Thawte has instructions for installing developer certificates in "Apple Codesigning", "Marimba Channel Signing", "Microsoft Authenticode", "Netscape Object Signing", "Microsoft Office", and "SunJava". No instructions for installing a certificate in Perl/LWP.
And I'm a little apprehensive about using LWP anyway, for a financial application - the documentation says the library does not support multiple simultaneous requests. All I need is for users to send money without my site knowing about it, simply because LWP can only juggle one user at a time.
If you expect 15 customers a month, at $5 or $10 each, you can't afford to have a bank card account; your service fees are going to exceed that. If you ask customers to find a stamp, find an envelope, address it, write a check and put it in the envelope and remember to mail it, and return in 2 weeks for electronic services, you're going to be lucky to have 1 customer a month. And if more than one check in 7 bounces, you're better off burning the checks than depositing them.
There is *very* little documentation at the c2it site. It might be a way to email money to your cousin, but it doesn't look like there's any way for a website to accept money and *immediately* deliver electronic goods or services.
Posted by: wil
Posted on: 2002-06-20 08:08:00
If you're worried about multiple connection issues with LWP (I wouldn't be too worried myself) then look into the LWP::Parallel set of modules which basically can run a number of conenctions in parallel. I think the default set for most servers are 15. This needs to be closely monitored, however, and should be set according to your server specs and your anticipated load/traffic.
Rgds
Wil