storing payment gateway verification variables - in application.cfc ?

Question

Every time an order is placed, a confirmation comes back from our payment gateway, to our page 'response.cfm'

It contains various items of data about the order (our gatewayID, orderValue, etc)

For security, I need to compare the gatewayID sent to us, with our own. I wondering where the best place to store our own copy ? I was going to place it in the application.cfc ?

Is this OK ? Or am I better storing it in a database table ?

Reed_Powell-ttnmOb · Answer

Owain beat me to the first question. if it is your own server then using session or app vars would be ok. if it is a shared server then you want to avoid that since they are not secure. Just do the database query and set a cachedwithin timespan so that you don't keep hitting the actual database for every transaction. Or you could store the value in the request scope, which (I think) is pretty safe. I've never heard of anyone being able to access request scoped vars from another request, but I guess anything's possible.

-reed

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded