Reputation: 84
Authorize.net Form Security
Let me preface the question by stating that I'm not a programmer and am requesting a response that an infant could grasp.
I'm building a payment form via Authorize.net using the PHP SIM method. I've noticed that the hidden fields of the form (which contain my API Login ID and Transaction Key) are visible in the source code. Obviously this is not good.
The only solution I've found to keep them hidden is to pull in the values from a secure external file during the POST of the form.
Sounds logical, but how do I do this? What does that look like in PHP? Have mercy!
Upvotes: 1
Views: 131
Answers (1)
Reputation: 219884
The transaction key is not visible in the source code of the form. The API login is but that's ok. The transaction key, along with the API login and other criteria which are dynamic and unique to the transaction, are included with the form in the form of a MD5 hash and cannot be guessed or created by hackers. This is safe and secure.
You really should hire a programmer to do this for you. Ecommerce isn't something a non-programmer should even think about playing with. This is how lives are ruined.
Upvotes: 1
Related Questions
- Authorize.net gateway setup
- Payment Methods of Authorize.net
- Authorize.net payement transaction
- asp.net authentication and authorisation
- Using Bank Accounts With Authorize.Net C# SDK
- I have a few questions about Authorize.Net
- Authorize.net payment gateway on wordpress e-commerce plugin
- Security in ASP during payment
- Security .NET MVC C#, FormsAuthentication
- Authorize.NET Direct Post Method WebForms (C#) sample implementation