https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/52053#M27351 <P>Hello,</P><P>&nbsp;</P><P>anyone know possible ways to make our script to handle authorize silent post url response secure ? if someone knows/ crack&nbsp; our slient post url and try to run manullay from browser or hack script then it may create problem with our system.</P><P>&nbsp;</P><P>can we use HTTP_REFERER or something else to make this happen ?</P><P>&nbsp;</P><P>Thanks!</P> Mon, 07 Sep 2015 06:43:39 GMT tatvaauthorize 2015-09-07T06:43:39Z https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/52053#M27351 <P>Hello,</P><P>&nbsp;</P><P>anyone know possible ways to make our script to handle authorize silent post url response secure ? if someone knows/ crack&nbsp; our slient post url and try to run manullay from browser or hack script then it may create problem with our system.</P><P>&nbsp;</P><P>can we use HTTP_REFERER or something else to make this happen ?</P><P>&nbsp;</P><P>Thanks!</P> Mon, 07 Sep 2015 06:43:39 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/52053#M27351 tatvaauthorize 2015-09-07T06:43:39Z https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/52066#M27363 <P>Hello&nbsp;<a href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/14511">@tatvaauthorize</a></P> <P>&nbsp;</P> <P>A silent post will always originate from the same IP addresses as documented here:&nbsp;<A href="https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Relay-Response-Silent-Post-Whitelist-IP-Addresses/m-p/48151/highlight/true#M24281" target="_blank">https://community.developer.authorize.net/t5/Integration-and-Testing/Authorize-Net-Relay-Response-Silent-Post-Whitelist-IP-Addresses/m-p/48151/highlight/true#M24281</A></P> <P>&nbsp;</P> <P>Richard</P> Tue, 08 Sep 2015 15:39:39 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/52066#M27363 RichardH 2015-09-08T15:39:39Z https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/53328#M28454 <P>Another method of ensuring that a transaction Silent Post or Relay Response is legitimate and from Authorize.Net is to set an&nbsp;MD5 Hash setting&nbsp;in the Merchant Interface and verify the resulting hash returned in the response. This feature is documented in the AIM and SIM documentation.</P><P>&nbsp;</P><P>We like to verify both the hash and the IP.</P><P>&nbsp;</P><P>Fritz</P> Tue, 15 Dec 2015 15:52:43 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/possible-ways-to-make-silent-post-url-script-secure/m-p/53328#M28454 coppercup 2015-12-15T15:52:43Z