1. Angelo Emmi
  2. PowerServer
  3. Friday, 18 August 2023 12:12 PM UTC

Currently I run on PB2019 as a straight Client server app.

I need to have the users enter credit card data to be authorized by a third party.  The third party has an iFrame to option use so that we are PCI compliant.  Does the new Power Server support iFrames.

Sending a straight API will not be PCI complaint.

 

Thank You

 

Angelo

Armeen Mazda @Appeon Accepted Answer Pending Moderation
  1. Friday, 18 August 2023 19:11 PM UTC
  2. PowerServer
  3. # 1

I agree with Mike... using the WebBrowser control and loading the IFrame in the WebBrowser control is the only way to do it.  I recommend upgrading to from PB 2019 to PB 2019 R3 so you have the secure version of WebBrowser control for PCI compliance.  Older versions of PB are not going to be secure for PCI compliance.

Comment
There are no comments made yet.
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Friday, 18 August 2023 14:05 PM UTC
  2. PowerServer
  3. # 2

Hi Angelo;

  PowerServer would have nothing to do with your iFrame interaction. The PS Server would only broker your App's data access. So the key question would be what PCI compliant API's exist to interact with iFrame from the PB App (whether it's C/S, PowerClient or PowerServer based) based on C++. Since I don't know iFrame, it can't answer that part of the question. Probably a good question for the iFrame folks to guide you further.

  Now if your Web API's were built with SnapDevelop where you would be coding in pure C#, that could be a good question. Again though, the iFrame people should be able to guide you with a C# DotNet API requirements.  

  Nite that Appeon PB now supports direct C# DotNet assembly consumption in your PB App. So the same iFrame API might also suffice when called from your PB App as well. HTH 

Regards ... Chris 

Comment
There are no comments made yet.
mike S Accepted Answer Pending Moderation
  1. Friday, 18 August 2023 13:59 PM UTC
  2. PowerServer
  3. # 3

My thought is to use the webbrowser control, which has been updated in R2, since you need to be able to get the return token.  using an embedded browser like that however, may not be PCI compliant. 

edit: actually, i'm pretty sure it isn't pci compliant since the browser is technically under your control.  

 

The ideal is to pop up the users default browser - but then you need to get the returned results into your ps app.

Comment
  1. mike S
  2. Friday, 18 August 2023 14:23 PM UTC
As an alternative, there may be a small yearly certification that you can do to say that you are PCI compliant, and then just use a rest api instead of the iframes. As long as you don't store the cc info on any of your servers, then my understanding is that it is a pretty minor process.
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.