[e.g. open a SSL connection between my hosting server and their gateway and then post the data (credit card number, name, etc..) using a script.]
I used HTML forms to post data but never a script. Also, what about the safety concern of the following scenario:
1. My site displays a form to gather credit card info
2. Then posts to my script
3. My script sends that data and the transaction key (password) to their file for processing.
Q: What if someone just looks up the source of my form and submits their own data to step 2 ? My script would still process everything and send it all to step 3?
I know I could create a digest through MD5 based on let's say amount+secret_word and pass it as hidden to the form. Then my script in step 2 could verify if the data is valid or if someone tried to send their own stuff, but in that case what's the use of the transaction key as the security parameter?
Mariusz
_________________________________________________________________
Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
