That's what get me started, the <input type=hidden ...> is not very secure.
Anyone can view source and see account information Also if you rely on type=hidden people can grab the page change the data in the hidden fields and repost from another server Ask Dave Shelley about this, he is very versed at knowing how to prevent this. Ben Johansen - http://www.pcforge.com Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm Latest downloads & List Archives @ http://www.witango.ws -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Cornelius Conboy Sent: Friday, September 27, 2002 2:08 PM To: Multiple recipients of list witango-talk Subject: Re: Witango-Talk: Initiating a secure client connectiontoapayment gateway Actually, we use ADC relay and pass the adc_url to them along with all of the other elements of the transaction form as seprately defined, hidden, post arguments. I can't remember precisely why we did it that way - it was a couple of years ago - odds are it was easier. -Cornelius on 9/27/02 1:34 PM, Chris Millet at [EMAIL PROTECTED] wrote: > Thanks, I'll give this a try. Am I to assume you are using ADC Direct > Response (not relay) to do this? > > Chris > -- Cornelius Conboy Forestweb, inc 1801 Avenue of the Stars suite 520 Los Angeles, CA 90067 (310) 553-0008 This email (including all enclosed documents) is intended only for the use of the intended recipient and may contain information that is privileged or otherwise exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this email is strictly prohibited. If you have received this email in error, please destroy all copies and notify us immediately. ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
