ArsDigita Archives
 
 
   
 
spacer

ArsDigita Shoppe

for AOLserver by Eve Andersson, Jin Choi, and Philip Greenspun, part of ArsDigita Free Tools
This collection of software lets you sell products from your Web site using our favorite Web server, AOLserver, with the Oracle RDBMS and the CyberCash gateway to credit card processors. The example data model and Tcl scripts would probably be useful if you're starting almost any ecommerce site. The cybercash.so module for AOLserver is only going to be useful if you've decided to use both AOLserver (free) and CyberCash (not free).

The philosophy and architecture of the ArsDigita Shoppe are explained in the ecommerce chapter of Alex and Philip's Guide to Web Publishing.

This is free software, copyright ArsDigita and distributed under the GNU General Public License. There are at least two multi-$billion companies using the code right now.

Our reference implementation is handling charitable contributions from readers of photo.net at https://db.photo.net/shoppe/.

Security

The customer-to-AOLserver connection is encrypted if you install and use the nsssl module (provided by the AOLserver team). The AOLserver-to-CyberCash connection is encrypted by the CyberCash API. We have chosen in this system not to keep credit cards in the database. This is good because if your Unix box is attacked, the cracker cannot get a big table full of credit card numbers. This is bad because if CyberCash is down, we are forced to reject orders. CyberCash claims 99.8% uptime but, even if this were true, that doesn't mean that they can always talk to your card processor. Our experience with CyberCash is limited but so far they've been unreachable and/or rejecting valid cards about 10% of the time that we've wanted to test our software or handle orders.

Configuring Your CyberCash Account

The software as delivered expects that you've configured your CyberCash account to be in auto-settle, manual-mark mode (and your card processor account for "terminal" rather than "host"). Soft goods sold via ArsDigita Shoppe will be marked for settlement immediately. Hard goods that must be shipped aren't marked until you go to the fulfillment admin page and say "we shipped this". CyberCash then batches up the marked transactions and settles them automatically every night.

How to Install

  • contact CyberCash and your bank to get a merchant ID + CyberCash CCID
  • download the Merchant Connection Kit from http://www.cybercash.com (we built our system using version 3.2)
  • download and compile cybercash.c from cybercash-0.1.tar.gz, which includes a README
  • unpack our Tcl scripts into /shoppe under your server's pageroot: shoppe.tar.gz
  • feed the /shoppe/doc/data-model.sql file to Oracle
  • add an AOLserver permission record to restrict access to /shoppe/admin (exact match NOT required)
  • add a symlink from your AOLserver private Tcl directory to the /shoppe/tcl directory
  • edit /shoppe/tcl/defs.tcl to include your site's name, email addresses, etc.
  • add the named procedures from philg's utilities.tcl to your AOLserver shared or private Tcl directory (download http://www.eveander.com/arsdigita/books/panda/utilities.txt)
  • augment your nsd.ini file as follows:
    [ns/server/**server_name**/modules]
    cybercash=cybercash.so
    shoppe_tcl=Tcl
  • download the country code data (country-codes.dmp) and load it into Oracle by typing imp at the Unix prompt
If this sounds too difficult, you can always hire ArsDigita to install, maintain, host, customize, etc. your ecommerce site.
eveander@eveander.com
spacer