----- Original Message -----
From: "Bud" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Saturday, May 25, 2002 4:22 AM
Subject: RE: Emergency: Authorize. net woos


> On 5/25/02, Mark A. Kruger - CFG penned:
> >If you are using ADC Direct Response (not relay - direct), the type of
> >implementation where you get a comma delimited list in return for your post,
> >then you are not "yet" required to use the refer URL. Here's a snippet from
> >the integration doc that Auth.net published.
>
> I've been trying to get an answer out of them why the
> password-required mode will soon be implemented. All they'll say is
> "Security Reasons". I've told them that my concern is that now,
> everyone's authnet password must be stored on the server or in a
> database for hackers to get to. Once they get that, they can simply
> log in to authnet's console and credit funds to the credit cards of
> their choice. Why on earth should a password be required to submit a
> Sale transaction? I mean, if someone has my username only and would
> like to put money into my bank account, so be it. It doesn't get THEM
> anything.

Yes, but if you have any kind of customer support dept doing
credits/refunds, you either have to give everyone the password so that
they can enter it manually, have only "trusted" personnel do all the
credits, or else store that password in the system anyway.  If you're
manually entering the password, that means you need to change it every
time someone who knows the password leaves the company.  Storing it in the
system is probably the safest.

I recall several years ago when first implementing a system using
Authorize.net, I was passing the username/password for every transaction.
While talking with someone in their support dept about some implementation
issue, I mentioned this and was told that for _security_ reasons, I should
only pass the password when doing a credit.  Go figure.

Jim
