Secure form for Authorize.net

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
MicahCarrick
Forum Newbie
Posts: 23
Joined: Sat Apr 09, 2005 5:40 pm

Secure form for Authorize.net

Post by MicahCarrick »

I am working on a project in which I'll be interfacing to authorize.net's AIM payment gateway. However, what's the most secure way to collect the information from the end user? Is simply using a HTML form and posting the form to a script which passes the infor to authorize.net secure enough? What do I need to use https?

Security is not my forte'. Any help would be much appreciated.

Micah
User avatar
n00b Saibot
DevNet Resident
Posts: 1452
Joined: Fri Dec 24, 2004 2:59 am
Location: Lucknow, UP, India
Contact:

Post by n00b Saibot »

Why aren't you letting the Authorize.net handle the data entry+security. Listen to me if you don't know security try their SIM method. its the easiest to implement of all the three. No tension for security. Although you will have to download the zip for PHP functions they implement for validation purposes. Any more questions :?:
MicahCarrick
Forum Newbie
Posts: 23
Joined: Sat Apr 09, 2005 5:40 pm

Post by MicahCarrick »

My client already has the AIM account and that's the way they want to go. Also, I'm trying to learn as much as I can about security related issues being that security is my biggest weakness.

No I know how to pass the values to authorize.net's AIM using SSL, however, my concern is the point in which I collect the data. I'm assuming I'll also need to use SSL (https) but not real sure how to set that up. Also, should I be using any sort of other techniques or have any other concerns when collecting form data securely?
Post Reply