Not exactly, The @URL can send a secure transaction 1. pre-setup an array containing all the authorize.net field names and data 2. bring up a form to the customer (without the exposed account info) 3. Take the submitted form data and combine it with the preset array data 4. invoke an https through @URL with the array in a post format. 5. get error.
The problem seem to be in this. the @URL is a different referrer than the client to the authorize.net server Ben Johansen - http://www.pcforge.com Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm Latest downloads & List Archives @ http://www.witango.ws -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Millet Sent: Friday, September 27, 2002 4:19 PM To: Multiple recipients of list witango-talk Subject: Re: Witango-Talk: Initiating a secure clientconnectiontoapayment gateway OK. Just to be clear: From what you are indicating, a form with 'action="https..."' isn't secure going from client to server without a previous connection. Therefore, try to get it to work using <@URL> because the connection would be server to server vs. client to server? Right? Chris > That's what get me started, the > <input type=hidden ...> > is not very secure. > > Anyone can view source and see account information > Also if you rely on type=hidden people can grab the page change the data > in the hidden fields and repost from another server > > Ask Dave Shelley about this, he is very versed at knowing how to prevent > this. > > Ben Johansen - http://www.pcforge.com > Authorized Witango Reseller http://www.pcforge.com/WitangoGoodies.htm > Latest downloads & List Archives @ http://www.witango.ws > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Cornelius Conboy > Sent: Friday, September 27, 2002 2:08 PM > To: Multiple recipients of list witango-talk > Subject: Re: Witango-Talk: Initiating a secure client > connectiontoapayment gateway > > Actually, we use ADC relay and pass the adc_url to them along with all > of > the other elements of the transaction form as seprately defined, hidden, > post arguments. > > I can't remember precisely why we did it that way - it was a couple of > years > ago - odds are it was easier. > > -Cornelius > > on 9/27/02 1:34 PM, Chris Millet at [EMAIL PROTECTED] wrote: > >> Thanks, I'll give this a try. Am I to assume you are using ADC Direct >> Response (not relay) to do this? >> >> Chris >> ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body ________________________________________________________________________ TO UNSUBSCRIBE: send a plain text/US ASCII email to [EMAIL PROTECTED] with unsubscribe witango-talk in the message body
