Submitting credit card numbers?

[php_guy]

I have two sites on two different servers

 

server1: has the purchase page where it asks for credit card numbers etc.

 

server2: has the CGI files to send payment data directly into the payment processor.

 

I cannot put the CGI files on server1 due to security restrictions, etc.

 

My question is: How can I securely transmit the credit card data from server1 to server2?

 

Thanks!

[Psycho]

https

[jcbones]

1. there are laws that deal with credit card handling and processing.

2. You MUST have a certificate.

 

 

To answer your question: https://

The problem: You will have to span a certificate across 2 domains, not sure if that is possible.  Otherwise, your data will not be encrypted correctly.

Suggestion:  All data, processing shouldn't span 2 domains, it should be handled on one.  Send the cart to second domain, then process there. Contact the processor to see what they require, and they should help you get it set up.

 

Remember: #1 above.

[php_guy]

Thanks for the quick replies guys

 

So how about this. I move the purchase page (just an HTML page) on the second server, such that when the submit button is pressed, then it submits to the CGI script that resides on the same server.

 

In this case, I do not have to get two SSL certificates, and all processing is localized on one machine

 

Would this work? Keeping in  mind that the data would be sent to the CGI script via POST. Is this okay, so long as I have SSL?

 

Thanks!

 

Now, keep in mind that i'm submitting data from

[jcbones]

It should work, but there is no better way than testing it.

[php_guy]

Awesome, thanks!

 

So is it OK to send via HTTP POST? Or is there another preferred way?