Forms Client Side Encryption and invoking external Secure Service via URL
24059Jan 5 2007 — edited Jan 24 2007Upfront info: I haven't written forms in about 6 years (since early 6i versions with FAT client)
I read in another thread that FORMS does 40bit encryption between the browser client and the application server. I'm not sure what's occuring between the application server and the database?
My requirement is to call an EXTERNAL web service via SSL - a credit card payment gateway. If forms is going to call this, what are my options, and what are the pitfalls?
1. I'll assume that I can use UTL_HTTP securely, store the certificate in the DB, and then invoke the remote web service (big assumption?). How did the card information get into the DB? Could it be "sniffed"?
2. Can forms encrypt the data clientside and then invoke the web service directly by using some kind of client-side jar file? What else might be needed?
I'm really clueless on this one, and would appreciate any help/direction.
Thanks, very much.
[note : unanswered in security forum since 12/22]