01-28-2013 06:14 PM
OK, I have downloaded the anet_java_sdk so that I can use DPM integration. Now how do I set the classpath, load the necessary files and get this working on a shared windows hosting account at Go Daddy? I have been using AIM and classic ASP for years, but now want to move to DPM because I'm told it's less risky than AIM, because nothing is sent through my server, which the folks at PCI seem to like. I also believe that this allows me to self certify with SAQ-A.
01-29-2013 06:21 AM
Reading it did not provide any help. I am an ASP guy, not Java, or XML. I do not know what ant or mav is, nor do I have access to my server, since it is hosted.
The documentation simply says:
Place anet-java-sdk-1.4.2.jar, found in target, into your classpath.
Place the dependencies, found in lib, into your classpath.
It doesn't say what steps need to be taken, or how to do it. I can see the files they reference (which are executable). Any step by step help to get this installed on a shared Windows host would be helpful. Beyond that I can manage with the java script and form data which is not to different from what I am doing with AIM and ASP.
Thanks for any help.
01-29-2013 03:33 PM
The Windows based server appears as though it runs XML and there is an XML build file in the SDK package. That's abou all I know at this point, since I am not an XML person. Surely, Authorize. Net wouldn't limit the use of the application of DPM to strictly to non-windows based servers.
I guess it will take additional research. Boy I wish this stuff was easy. I have been chatting with AN, Trustwave, GoDaddy and my Merchant provider to the point of exhaustion the last two days. If AN had DPM in ASP, I would be selling by now.
01-29-2013 04:17 PM
You should be able to use DPM with ASP, although they didn't have any sample code for DPM. You could download the SIM with ASP sample code and change it to be like DPM. I think is just add the x_exp_date and x_card_num and remove
the x_show_form as show on the "Using the Java SDK" step 4 on the documentation.
01-30-2013 01:21 PM
I have already begun working with SIM, which for all intent and purposes, gets the credit card information off of my server and onto AN's server to the likes of Trustwave and PCI.
This being the case, I can get away with self assement for compliance (PCI's SAQ-A level) and forego the Trustwave scans, or at least ignore them on a quarterly basis, by justifying and proving if necessary, my use of SIM and AN's servers being PCI compliant.
Besides dealing with the issues of loosing session variables in the SIM environment (which can be restored with the judicious use of user defined fields in a post back relay), I noticed that it looks a lot like DPM. For that matter, every other version that AN offers as well.
I'm sure with a little tweaking here or there, I can get SIM to act like DPM and be done with the whole mess in short order, in a language I am familiar with, and a user experience that is virtually transparent. Heck, I can even use CSS and make the AN form look acceptable.
Thanks for enabling me to think with more focus, and just get on with it. I was getting caught up in the whole of it, instead of just looking at it a piece at a time, basically limiting my scope of compliance.
For what it's worth, Go Daddy will only be supporting Java on dedicated real or virtual servers in the near future. Ahhh, just another way to make more money...you got a love it!
Also, for anyone interested in knowing what you can save of the card holders data in the eye's of PCI, it's everything BUT the card number, CCV codes, and expiration dates (for card not present scenarios...basically e-commerce). Oh, by the way, you CAN save the last four digits of the credit card number if you want to as well.
I hope this has helped other folks out there that may have had the same issues I had. I feel better knowing that I am doing what is expected to be done to reduce credit card risk and confidently say: Card not present e-commerce transactions, being done in a SIM environment with ASP on a shared Windows Host, is absolutely fine, as long as the transaction server is PCI compliant, which AN is, and you don't save the credit card information stated above.
Thanks RaynorC1emen7 for your listening and commenting!
Happy coding all!