
Show HN: Your personal payment processing server - makasim
https://medium.com/@maksim_ka2/your-personal-payment-processing-server-abcc8ed76804#.1sk3zmkl3
======
makasim
Set up PayumServer in the blink of an eye:
[https://medium.com/@maksim_ka2/setup-payumserver-with-docker...](https://medium.com/@maksim_ka2/setup-payumserver-with-docker-in-the-blink-of-an-eye-cfcd3d4fe1f6#.pd40jha15)

------
stephenr
There is a reason "modern" payment processor services use JavaScript or an
iframe or a redirect for payments:

It means the credit card details are _never_ sent to your server, so you are
not required to meet the full terms of PCI Compliance on your server.

~~~
makasim
Not sure I get you. About PCI DSS: PayumServer does not store any sensitive info
anywhere, even in the HTTP session. It is passed through the server to a
payment gateway. PayumServer uses an iframe or JavaScript solution (which you
mention above) if a payment gateway supports it. For example, Stripe.js
supports it and PayumServer reuses this feature.

~~~
stephenr
Every interpretation I've seen about PCI DSS is that any server that credit
card data is passed to (whether it stores it or simply re-transmits it) is
required to meet some aspect of the policy. Obviously if you aren't storing
the data, the rules about storage don't apply... but:

You also need to consider things such as: if the process crashes, does it
produce an error log or exception trace with the request information?

Given that Payum is written in PHP and uses the Symfony HTTP Request class,
let's consider that in 5.6+, fopen('php://input') (i.e. read the request body)
can cause a temp file to be created with the contents of the request body
stored in it.

So even if you don't _intend_ to store the request, the underlying
technologies often store data transparently (albeit temporarily).
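
A check for the leak described in the comment above (request data ending up in an error log or exception trace), as an added example that is not part of the thread or of Payum: it scans log lines for card-number candidates, confirms them with the Luhn checksum, and masks the hits. The function names and the sample log lines are constructed for illustration.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn checksum; filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def redact(text):
    """Mask Luhn-valid card numbers; return (redacted_text, hit_count)."""
    hits = 0
    def _mask(match):
        nonlocal hits
        digits = re.sub(r"\D", "", match.group(0))
        if not luhn_ok(digits):
            return match.group(0)   # leave non-card numbers untouched
        hits += 1
        # keep first six and last four digits, mask the middle
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
    return PAN_RE.sub(_mask, text), hits

def scan(lines):
    """Return (line_no, redacted_line) for each line that held a likely PAN."""
    findings = []
    for no, line in enumerate(lines, 1):
        clean, hits = redact(line)
        if hits:
            findings.append((no, clean))
    return findings

# Constructed sample: an order id, a crash log with the request body,
# and a stack frame that captured its arguments. Card numbers are test values.
SAMPLE_LOG = [
    "[2016-03-01 12:00:00] app.INFO: payment 1234567890123456 created",
    "[2016-03-01 12:00:01] request.CRITICAL: Uncaught Exception, "
    "body: number=4242424242424242&cvc=123",
    '#0 handler.php(41): capture(array("number" => "4111 1111 1111 1111"))',
]

if __name__ == "__main__":
    for no, line in scan(SAMPLE_LOG):
        print(no, line)
```

The scan only covers card numbers; other request fields that appear in a trace, such as the `cvc` value in the sample, need their own handling.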

------
mohameddev
Nice, man, but I have a question in mind: what is the difference between your
solution and activemerchant from Shopify, other than the containerized things?

~~~
makasim
As far as I know (feel free to correct me) it is just a library, not a
service. It is better to compare it with the Payum library.

It is not an end solution. It does not provide an API, a backend UI, or
integration with storage. It takes a bit more time to set it up. Plus, you have
to be a developer (preferably a Ruby one) to use it.

PayumServer requires as little programming knowledge as possible. You can use it
with any of your apps, written in whatever language you like.

~~~
mohameddev
I think you are right; as far as I know, it is an open-source library, not a
service. But the point I want to know is why you are starting from scratch, as I
know this library has a huge set of payment gateway integrations ready and tested:
[https://github.com/activemerchant/active_merchant](https://github.com/activemerchant/active_merchant)

~~~
makasim
I did not start from scratch; the Payum library has a 3-year history. It also
supports many gateways:
[http://payum.org/doc/1.0/Core/supported-gateways](http://payum.org/doc/1.0/Core/supported-gateways)

It is already used in many projects, in production, well tested. The 1.0.0
version was released not long ago.

------
slavahatnuke
good job! dude! I love this solution

