Just wanted to report back on this question. I ended up just doing this on the final page of the credit card app running on the secure site. This close the popup window where I collect the credit card info and changes the parent window to the url provided. Exactly what I needed it to do
- /%WCCDTTM%/'; window.close(); return false; "target="_parent"" value="Close Window" >
From: web400-bounces@xxxxxxxxxxxx [mailto:web400-bounces@xxxxxxxxxxxx] On Behalf Of Haas, Matt (CL Tech Sv)
Sent: Friday, April 30, 2010 3:28 PM
Subject: Re: [WEB400] How would I do a paypal type redirect using RPG CGI?
You may want to consider a different approach to this that will end up being more secure that what I've seen proposed to far.
First, does your IIS site use SSL? If not, you can ignore the rest of what I'm about to propose.
What I would do is create a web service to do this and let the site running in IIS collect the payment info. Before you get all bent out of shape about XML parsing or using WebSphere, you don't need to use SOAP! You can do something that is more like (or maybe exactly like) REST. They way this will work is that you have the front end site call your CGI program passing name/value pairs. Your CGI program can then do what it needs to do and then respond with name/value pairs or maybe a small, easy to generate XML message. I did something very similar to this 11 years ago (wasn't for credit cards) and it worked very well. BTW, AJAX calls typically work this way so you aren't really doing anything weird or new.
If you go this route, you need to set up your CGI program so it only runs over SSL, can't be called externally, and I'd also require the calling application to authenticate when it makes the calls.
date: Thu, 29 Apr 2010 13:33:08 -0400
from: Mike Cunningham <mike.cunningham@xxxxxxx>
subject: [WEB400] How would I do a paypal type redirect using RPG CGI?
We run an IIS web server for public access and an iSeries web server for secure things. We have an IIS based application that needs to get credit card information but want that to be collected by an iSeries application (we have existing iSeries based credit card processes using Curbstone). Very much like a paypal process. The IIS form collects all the necessary information except the credit card info, redirects the user to the iSeries app and passes amount and name and a few other things. iSeries app asks for credit card info, validates it, encrypts it, etc, etc and then needs to return to the "calling" application and pass back if the credit card part was valid or not. (Doesn't really have to do this but the group that controls the IIS side of our organization wants to know and show the user a second confirmation (or rejection) page.
As an Amazon Associate we earn from qualifying purchases.