Making BarclayCoin work
Last month we mentioned a commerce system called BarclayCoin. This is a method by which a web site can charge for items under £10. Well, since that article we have been busy setting up or own trial web site using this form of payment system. At first there was some confusion as to whether it would work under NT, Unix being the preferred choice. So we decided to install it on one of the Linux servers and also under IIS3 on NT4. The BarclayCoin system uses Perl scripts written by Cybercash to make everything work. So with NT the first thing that you need to do is to install Perl Ver5. This is available as a download from www.ActiveWare.com. You copy the files to a directory anywhere on your web server, but not within the web root, which in the case of Microsoft's Internet information server is usually \inetpub\wwwroot, and for Apache it is \home\httpd. This would cause a security hole by enabling a malicious web user to run executable code on your web server and do whatever he liked to your system. This is a simple rule of anything that you use within a web server. Do not put files that you would not want users to have full read access to. One client we know of had their web server configured in such a way that an access database was put in a sub directory of the web server. All a user had to do was to point their browser at this file and if they had Access installed on their system the database was opened with all the data visible. The file would be read only so that the information could not be altered but the privacy of the data was nevertheless severely compromised. When trying to get things to work, it is tempting at times to stuff everything into root of the web server or to open up the security settings. Avoid this temptation. We know it may be an easy way to get up and flying, but there is every chance that you will forget to lock it down again and leave something open with possibly disastrous consequences. Back to installing Perl. Having copied the files to a suitable directory you then run the install program. This alters such things as paths and registry settings. The next thing to do, which thankfully is documented, is to alter the registry manually to make the association so that .pl files will run under the perl.exe. That should get Perl up and running. It can be tested with a little script that is documented in the Microsoft Knowledgebase.
Test.pl
print "HTTP/1.0 200 OK\n"; print "Content-Type: text/html\n\n";
print "<HTML>\n"; print "<HEAD>\n"; print "<TITLE>Hello World</TITLE>\n"; print "</HEAD>\n"; print "<BODY>\n"; print "<H4>Hello World</H4>\n"; print "<P>\n"; print "Your IP Address is $ENV{REMOTE_ADDR}.\n"; print "<P>"; print "<H5>Have a nice day</H5>\n"; print "</BODY>\n"; print "</HTML>\n";
At this point nothing happened, and we traced this down to permissions on a .dll file in winnt\system32 . If you are running a Unix web server like Apache on Linux then Perl should be already running for you. Now with our test script working we set about getting the BarclayCoin software to work. At this point we contacted BarclayCoin. Their technical support guy Paul Slootweg was extremely helpful over the next few days as we battled to get things up and running. The problems were made worse by this being the first time that BarclayCoin had tried the scripts on an NT box. After various small amounts of editing of the scripts, all of which Paul assured us he was documenting for future reference. Then changing the file extension of the scripts from .cgi to .pl so that the Perl language would be executed correctly (remember the registry setting we changed earlier?). The final stage was to run a special encryption program against each of the product files that we wanted to sell to produce a myfile.ht_ . This is an encrypted version of the items for sale, that the system would use. Then the fateful moment came when it all worked. We clicked on the 'buy me' link (www.ecats.co.uk/barclaycoin), the BarclayCoin Wallet fired up on the browser machine, a click on the 'confirm' button and we had just paid £ 2.50 for some information from our own site !
BarclayCoin it lives!
Now whilst it would have been nice to have reported that the system installed in 5 minutes without a hitch, this is a complex setup with many variables, each of which could go wrong. It did take about 3 days of email and phone calls to get it all up and running, but this was a first for BarclayCoin and NT. Paul assured us that it is a lot easier under Unix and Mark is in fact about to try the system on a Linux box. BarclayCoin were very helpful, knowledgeable and determined to get things going and our hats go off to Paul for cracking the problems. Two days later, we received our first BarclayCoin statement. Zero. Ah well, we will obviously have to wait a little longer before becoming rich !
The Cambridge Information Network
Last month we mentioned e-commerce and the differences between America and Europe. So it was with interest that Mark received an invite to go and talk to Matthew Cohan who is one of the Directors of Cambridge Technology Partners (www.ctp.com). This is the Cambridge in America and not the one with the punts! The meeting was to talk about the company and a survey that they have just completed on E-commerce. CTP also run the Cambridge Information Network (CIN) (www.ctp.cin.com), which is a discussion forum a bit like cix but web based and by invitation only. They have some 1900 members around the world who are in high positions of IT management within companies with revenues of between 100 million and 10 billion dollars. Big boys indeed. CIN is a forum that allows these people to discuss IT issues in a private, closed area. Surveys and reports are done from time to time and made available to these members as are lunches and presentations on various issues. All this is offered as a free service by CTP, giving them, as it does, a feedback mechanism from the top players in IT. Your intrepid reporter managed to get a copy of this report a few days before it's release so that it could make this issue. There were several points that came out from this. Of the companies who had implemented some form of E-commerce, 40% confessed that they hadn't received any revenue from these nor did they expect to receive any revenue this year. 77% of respondents believed that the primary goal of e-commerce was 'improving customer service/care'. Nearly three-quarters said that the IT department set the strategy behind the company's e-commerce solutions as many business executives see this area as a technical issue. Finally, and quite surprising was that Europe on the whole had higher budgets for e-commerce than the 'Worldwide' average, although it was thought that this is because of the need to renovate older infrastructures.