Details
-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 4.7
-
Fix Version/s: None
-
Component/s: None
-
Labels:None
-
Versioning Impact:Patch (backwards-compatible bug fixes)
-
Documentation Required?:None
-
Funding Source:Contributed Code
Description
The javascript submission method is more secure since the credit card number never hits your server. However given the variety of form structures that use credit cards in CiviCRM there are a lot of corner cases that break credit card submissions when you use this method.
We should provide the user with the option of using the javascript method (the default) or the alternative method - submitting via PHP on the server.
When submitting via PHP on the server you use the same method in use by all the other CiviCRM credit card processors making it more stable.
The user can choose the PHP method by setting a constant in their civicrm.settings.php file (in the future it would be useful to make this a gui-configurable option).