Thursday, 29 January 2015

Mobile payment. Where to put the backend logic


I'm new to mobile payments and I can't seem to find what would be the best option for my situation.


I have a hybrid mobile application written in JS that will handle payments. We hired the service of a backend provider (www.backendless.com) for all the database logic; however, the backend only allows scripts to execute on the server for 20 seconds. To process the online payments, I would then need an additional server that receives the credit card info and relays it to the online payment platform along with a certificate given to us.


The question is about how to reach my payment server (most likely a free instance on Amazon EC2).


Option 1: Make the mobile app connect to my backend and then make the backend connect to the payment-validating server on Amazon.


This option allows me to hide the payment server address, thus preventing attacks from malicious clients; however, it involves more latency.


Option 2: Make the mobile app connect directly to my payment server.


With this option the latency is lower but my server address is exposed in the application code.


I am not an expert in security and honestly I am not sure how hard it is to set up a server with all the security measures necessary to avoid most attacks. Thanks!




