[ukandy]

Genuinely like the idea, but wouldn't trust a service that uses PHP on a VPS without SSL. I'm sure you will fix the SSL when you launch, and I'm just a snob with regards to PHP.

[jtreminio]

Nobody really cares what you think about a third party service using a language you don't like.

The SSL issue, however, needs to be fixed ASAP.

[ukandy]

I have huge respect for PHP, and many years of PHP development under my belt. I wouldn't dream of using it for something pretty heavy weight such a this. Certainly a factor that would come into play for some prospective users.

[ukandy]

Running a payment gateway and authentication services is like painting a massive target on your back. The security must be impeccable, one mistake would be a monumental score on the part of a cracker.

A VPS introduces many layers of possible weakness, that could be used a entry points for an attack.

PHP just isn't the right tool for the job. I agree with you, that at this point in time it's secure. I trust that other languages, with smaller, simpler code bases will be more secure over time.

[jtreminio]

Without having access to the actual source code, I wonder what you consider heavy weight about it?

If you mean the purpose of the app, PHP is more than capable of handling highly sensitive data if it is written by a capable developer.

If you mean traffic wise, a single VPS can easily handle thousands of requests a second, and if you need more you simply add more inexpensive VPS.

Unless I misunderstood your sentence?