mario kulka wrote:
> Did enyone have to create a script to process credit cards using the AIM
> method through the AuthorizeNet gateway? I'm a little bit lost. There
> are few things I must do and never done before:
> [e.g. open a SSL connection between my hosting server and their gateway
> and then post the data (credit card number, name, etc..) using a script.]
> I used HTML forms to post data but never a script. Also, what about the
> safety concern of the following scenario:
> 1. My site displays a form to gather credit card info
> 2. Then posts to my script
> 3. My script sends that data and the transaction key (password) to their
> file for processing.
> Q: What if someone just looks up the source of my form and submits their
> own data to step 2 ? My script would still process everything and send
> it all to step 3?
> I know I could create a digest through MD5 based on let's say
> amount+secret_word and pass it as hidden to the form. Then my script in
> step 2 could verify if the data is valid or if someone tried to send
> their own stuff, but in that case what's the use of the transaction key
> as the security parameter?
Haven't used the service personally, but you might want to have a look at:
Might help answer your questions and provide code that you then wouldn't
need to write. Always nice when there is already a wheel...