I am creating a store using Active Merchant and PayPal sandbox right now. It seems to be working fine, but I don’t think it is even remotely secure. I don’t really know too much about HTTPS and how to implement secure connections.

I am currently passing the credit card and billing information in the session (probably not the smartest idea). My current code is posted below. I really need help with what direction and steps to take in order to make this a secure, usable store.

 def payment session[:billing_address] = params[:billing_address]   end   def summary     @credit_card = params[:credit_card]     session[:credit_card] = params[:credit_card]     @billing_address = session[:billing_address]     @cart = get_cart     @purchases  = @cart.purchases     @total = @cart.total  end   def finish      @cart = get_cart      @total = @cart.total       credit_card = ActiveMerchant::Billing::CreditCard.new( session[:credit_card] )       billing_address = session[:billing_address]       flash[:notice] = credit_card.errors and return unless credit_card.valid?       gateway = ActiveMerchant::Billing::PaypalGateway.new(:login=>$PAYPAL_LOGIN, :password=>$PAYPAL_PASSWORD)       res = gateway.authorize(@total, credit_card, :ip=>request.remote_ip, :billing_address=>billing_address)       if res.success?         gateway.capture(@total, res.authorization)         flash[:notice] = 'Authorized'       else         flash[:notice] = 'Failure: ' + res.message.to_s      end       end