Recently we've developed an E-Commerce web application for a client. We are at the stage before launch, and the client is not happy disclosing live merchant account details to us because they don't want us to potentially be able to see their clients' data.

Since we are going to maintain their website (running off their servers but we will still have access to the site files) I cannot see an easy solution to this other than trust.

How can we implement and maintain an E-commerce application when the business doesn't want to disclose merchant details to developers?

+2  A: 

Have you signed, or have you suggested using, a non-disclosure agreement (NDA)?

Nick
We have not, and we are going to propose that at the next meeting. Thanks.
Giuseppe R
+2  A: 

Consider encrypting the details in a configuration file.

The key for decrypting these details could then be held in another folder which is only available to the application and to the client.

While certainly not foolproof, this would stop trivial disclosure of the account details.

Jeremy McGee
I thought of some sort of workaround like this and most likely we will adopt something similar. Thanks for your input.
Giuseppe R
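The key separation suggested in the answer above only helps if the key really is out of reach of anyone who can read the site files. The following check is an added example, not code from the thread: `load_separated_key`, `KeyStorageError`, `key_path` and `site_root` are hypothetical names, and it assumes a POSIX server where the client reaches the key through the application's own account. Decrypting the configuration with the returned key is left to whichever library the application uses.

```python
import os
import stat
from pathlib import Path


class KeyStorageError(Exception):
    """The key is stored where the intended separation does not hold."""


def load_separated_key(key_path, site_root):
    """Return the key bytes only if the key is kept apart from the site files.

    key_path  -- hypothetical location of the decryption key
    site_root -- hypothetical directory the developers can read (the deployed site)
    """
    key = Path(key_path)
    if key.is_symlink():
        raise KeyStorageError("key path is a symlink")
    key = key.resolve(strict=True)
    root = Path(site_root).resolve(strict=True)

    # 1. The key must not live anywhere under the site files.
    if key == root or root in key.parents:
        raise KeyStorageError("key is stored inside the site directory")

    # 2. Only the owning account may read the key or enter its folder
    #    (assumption: no group or world access is needed).
    for path in (key, key.parent):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise KeyStorageError(f"{path} is accessible to group/other ({oct(mode)})")

    # 3. The key must belong to the account the application runs as.
    if key.stat().st_uid != os.geteuid():
        raise KeyStorageError("key is not owned by the application account")

    return key.read_bytes()
```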