Skip to content Skip to sidebar Skip to footer
Home / Angularjs / Braintree / Credit Card / Javascript / Payment Gateway

Encrypting Credit Card Details Using Angularjs In Braintree

Post a Comment
I am using Braintree for payment gateway and I have across an issue. I am sending credit card information with other user details. For security purposes Credit card information h

Solution 1:

The question is "why is the AJAX request data not encrypted by Braintree JS", and the answer is nothing to do with HTTPS.

Yes, HTTPS is required to encrypt traffic in production - and in this case it will encrypt the already encrypted card data - but HTTPS is neither the question nor the answer here.

If you look at the Braintree documentation (Example here) you'll note that each input in the example form has added an attribute data-encrypted-name:

<inputtype="text" size="20" autocomplete="off" data-encrypted-name="number" />

The documentation then points out this code:

braintree.onSubmitEncryptForm('braintree-payment-form');

When the form is submitted, code in braintree.js is invoked, inspects the form, looks at the plain text in each marked input, encrypts it, save those encrypted values according to the data--encrypted-name attributes, and then that encrypted data is used when the form is transmitted via HTTP/HTTPS.

In the AngularJS example code above, the OP does include the data-encrypted-name attributes on some of the inputs (I don't know if it needs to be on all of them) but just labeling the input is not enough. The function to encrypt the raw input values (or in this case, the model data) still needs to be invoked, and then that encrypted model can be sent in a POST back to the server.

Said another way, the problem implementation:

  1. Form builds a model
  2. Model sent via HTTP to server

The corrected implementation would be:

  1. Form builds a model
  2. Braintree.js invoked to encrypt some parts of the model.
  3. Encrypted model is sent via HTTP (or HTTPS in production) to server

Here's a plunkr someone else did showing one way to encrypt AngularJS model data on the fly:

http://plnkr.co/edit/2kF9Im?p=preview

If it were me, I'd just call braintree.encrypt() on each field immediately prior to submitting the form rather than on every keypress - or modify the directive to work on the form at submission time.

Solution 2:

If your html page is accessed using HTTPS then your form submission will be (unless otherwise specified) be HTTPS. If you want to ensure that HTTPS is used, then you would need to do something on server to disallow HTTP for this particular page.

Post a Comment for "Encrypting Credit Card Details Using Angularjs In Braintree"