OFBiz OFBiz - Dev

two questions about order entry

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Si Chen-2
Reply | Threaded
Open this post in threaded view
|

two questions about order entry

Si Chen-2
Hello.

We have two questions about order entry:

1.  Why are the payment methods manually listed on billsettings.ftl,
instead of gotten from Product Store's payment methods list?  Would it
be better to get it from the payment methods list?

2.  What is the best way to support CVV numbers during order manager
order entry?  Should it be saved in the session only?  I remembered Andy
Z. saying a long time ago that it should not be stored in database.  
What if it's stored and encrypted?

Si
Jacques Le Roux
Reply | Threaded
Open this post in threaded view
|

Re: two questions about order entry

Jacques Le Roux
Administrator
Si,

I don't know for the 1st question but for the second I'm quite sure that this is worldwide legally forbidden (storing CVV numbers
permanently
even encrypted or any)

Jacques

> Hello.
>
> We have two questions about order entry:
>
> 1.  Why are the payment methods manually listed on billsettings.ftl,
> instead of gotten from Product Store's payment methods list?  Would it
> be better to get it from the payment methods list?
>
> 2.  What is the best way to support CVV numbers during order manager
> order entry?  Should it be saved in the session only?  I remembered Andy
> Z. saying a long time ago that it should not be stored in database.
> What if it's stored and encrypted?
>
> Si

David E Jones
Reply | Threaded
Open this post in threaded view
|

Re: two questions about order entry

David E Jones
In reply to this post by Si Chen-2

On Feb 2, 2007, at 11:22 AM, Si Chen wrote:

> Hello.
>
> We have two questions about order entry:
>
> 1.  Why are the payment methods manually listed on  
> billsettings.ftl, instead of gotten from Product Store's payment  
> methods list?  Would it be better to get it from the payment  
> methods list?

It probably would be better so CSRs and the like don't use something  
that isn't configured on the store, resulting in errors and such.

> 2.  What is the best way to support CVV numbers during order  
> manager order entry?  Should it be saved in the session only?  I  
> remembered Andy Z. saying a long time ago that it should not be  
> stored in database.  What if it's stored and encrypted?

The rule is it can't be persisted outside the scope of the  
transaction. There is a note about this in a comment in the  
entitymodel file.

-David



smime.p7s (3K) Download Attachment
Si Chen-2
Reply | Threaded
Open this post in threaded view
|

Re: two questions about order entry

Si Chen-2
David E. Jones wrote:

>
> On Feb 2, 2007, at 11:22 AM, Si Chen wrote:
>
>> Hello.
>>
>> We have two questions about order entry:
>>
>> 1.  Why are the payment methods manually listed on billsettings.ftl,
>> instead of gotten from Product Store's payment methods list?  Would
>> it be better to get it from the payment methods list?
> It probably would be better so CSRs and the like don't use something
> that isn't configured on the store, resulting in errors and such.
>
So what if additional methods of payment, like Paypal, etc. are required?
>> 2.  What is the best way to support CVV numbers during order manager
>> order entry?  Should it be saved in the session only?  I remembered
>> Andy Z. saying a long time ago that it should not be stored in
>> database.  What if it's stored and encrypted?
>
> The rule is it can't be persisted outside the scope of the
> transaction. There is a note about this in a comment in the
> entitymodel file.
>
That's what I thought.  So is the right way to put it into the session
and call authOrderPayment with it?
> -David
>
>

Si Chen-2
Reply | Threaded
Open this post in threaded view
|

Re: two questions about order entry

Si Chen-2
Si Chen wrote:

> David E. Jones wrote:
>>
>> On Feb 2, 2007, at 11:22 AM, Si Chen wrote:
>>
>>> Hello.
>>>
>>> We have two questions about order entry:
>>>
>>> 1.  Why are the payment methods manually listed on billsettings.ftl,
>>> instead of gotten from Product Store's payment methods list?  Would
>>> it be better to get it from the payment methods list?
>> It probably would be better so CSRs and the like don't use something
>> that isn't configured on the store, resulting in errors and such.

>> Sorry, David, I misunderstood your response.  I'm not suggesting we
>> just get a list of all the PaymentMethodTypes, but I was wondering if
>> it would be better to get it from ProductStore Paymentsettings?

Si

Andrew Sykes
Reply | Threaded
Open this post in threaded view
|

Re: two questions about order entry

Andrew Sykes
In reply to this post by Si Chen-2
Si,

You should be able to find out more here...
https://www.pcisecuritystandards.org/index.htm

- Andrew

On Fri, 2007-02-02 at 20:14 +0100, Jacques Le Roux wrote:

> Si,
>
> I don't know for the 1st question but for the second I'm quite sure that this is worldwide legally forbidden (storing CVV numbers
> permanently
> even encrypted or any)
>
> Jacques
>
> > Hello.
> >
> > We have two questions about order entry:
> >
> > 1.  Why are the payment methods manually listed on billsettings.ftl,
> > instead of gotten from Product Store's payment methods list?  Would it
> > be better to get it from the payment methods list?
> >
> > 2.  What is the best way to support CVV numbers during order manager
> > order entry?  Should it be saved in the session only?  I remembered Andy
> > Z. saying a long time ago that it should not be stored in database.
> > What if it's stored and encrypted?
> >
> > Si
>
--
Kind Regards
Andrew Sykes <[hidden email]>
Sykes Development Ltd
http://www.sykesdevelopment.com
Free forum by Nabble Edit this page