Show HN: Your personal payment processing server (medium.com/maksim_ka2)
11 points by makasim on Nov 25, 2015 | 10 comments


Setup PayumServer in the blink of an eye: https://medium.com/@maksim_ka2/setup-payumserver-with-docker...


There is a reason "modern" payment processor services use JavaScript or an iframe or a redirect for payments:

It means the credit card details are never sent to your server, so you are not required to meet the full terms of PCI Compliance on your server.


Not sure I get you. About PCI DSS: PayumServer does not store any sensitive info anywhere, even in the HTTP session. It is passed through the server to a payment gateway. PayumServer uses an iframe or JavaScript solution (which you mention above) if a payment gateway supports it. For example, Stripe.js supports it and PayumServer reuses this feature.


Every interpretation I've seen about PCI DSS is that any server that credit card data is passed to (whether it stores it or simply re-transmits it) is required to meet some aspect of the policy. Obviously if you aren't storing the data, the rules about storage don't apply... but:

You also need to consider things such as: if the process crashes, does it produce an error log or exception trace with the request information?

Given that Payum is written in PHP and uses the Symfony HTTP Request class, let's consider that in 5.6+, fopen('php://input') (i.e. read the request body) can cause a temp file to be created with the contents of the request body stored in it.

So even if you don't intend to store the request, the underlying technologies often store data transparently (albeit temporarily).
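The error-log concern raised in the comment above, as an added example that is not part of the thread or of Payum's code: a scrubber that masks card-number-like digit runs before an exception message is logged. The function names, the handler wiring and the sample message are assumptions made for illustration, and the code assumes PHP 7.1 or later.

```php
<?php
// Added example (assumes PHP 7.1+): mask card numbers before text is logged.

/** Luhn check over a digits-only string. */
function luhn_valid(string $digits): bool
{
    $sum = 0;
    $double = false;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $d = (int) $digits[$i];
        if ($double) {
            $d *= 2;
            if ($d > 9) {
                $d -= 9;
            }
        }
        $sum += $d;
        $double = !$double;
    }
    return $sum % 10 === 0;
}

/** Mask 13-19 digit runs (single spaces or dashes allowed) that pass Luhn. */
function scrub_pan(string $text): string
{
    $out = preg_replace_callback(
        '/(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)/',
        function (array $m): string {
            $digits = preg_replace('/\D/', '', $m[0]);
            if (!luhn_valid($digits)) {
                return $m[0]; // not a card number (order id, timestamp): keep
            }
            return str_repeat('*', strlen($digits) - 4) . substr($digits, -4);
        },
        $text
    );
    return $out ?? '[log line withheld: scrub failed]'; // fail closed
}

// Route uncaught exceptions through the scrubber before they reach the log.
set_exception_handler(function (Throwable $e): void {
    error_log(scrub_pan(get_class($e) . ': ' . $e->getMessage()));
});

// Constructed sample: an exception message that echoes the request body.
$sample = 'RuntimeException: gateway timeout; body={"number":"4111 1111 1111 1111",'
    . '"order":"20151125000123"}';
echo scrub_pan($sample), PHP_EOL;
```

It masks only the card number in the exception message; other fields such as the CVV, and the temp-file behaviour mentioned above, need their own handling.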


Nice, man, but I have a question in mind: what is different between your solution and activemerchant from Shopify, other than the containerized things?


As far as I know (feel free to correct me) it is just a library, not a service. It is better to compare it with Payum library.

It is not an end solution. It does not provide an API, a backend UI, or integration with a storage. It takes a bit more time to set it up. Plus, you have to be a developer (preferably a Ruby one) to use it.

PayumServer requires as little programming knowledge as possible. You can use it with any of your apps, written in whatever language you like.


I think you are right; as far as I know, it is an open-source library, not a service. But the point I want to know is why you are starting from scratch, as I know this library has a huge payment gateway integration ready and tested: https://github.com/activemerchant/active_merchant


I did not start from scratch; the Payum library has a 3-year history. It also supports many gateways: http://payum.org/doc/1.0/Core/supported-gateways

It is already used in many projects, in production, well tested. The 1.0.0 version was released not long ago.


I think you are right; as far as I know, it is an open-source library, not a service. But the point I want to know is why you are starting from scratch, as I know this library has a huge payment gateway integration ready and tested


good job! dude! I love this solution



