https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/83014#M52324 <P>I'd like to add a couple comments here related to the security of the PHP version of the log file.</P><P>1)&nbsp; change the name of the log file - clearly it shouldn't be anything similar, add a date</P><P>2)&nbsp; add some security to the log file:<BR />&nbsp;&nbsp;&nbsp;&nbsp; a)&nbsp; add a unique subfolder to the LOG pathname,<BR />&nbsp;&nbsp;&nbsp;&nbsp; b)&nbsp; change the LOG extention to .PHP, then<BR />&nbsp;&nbsp;&nbsp;&nbsp; c)&nbsp; find the Log.php file in \authnet\lib\net\authorize\util and change line #269</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; file_put_contents($this-&gt;logFile, $logMessage, $flags);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; to<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; file_put_contents($this-&gt;logFile, "\n&lt;?php\n".$logMessage."\n?&gt;", $flags);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; so that the contents of the log file are wrapped in PHP delimiters, and will hide all the contents of the file in case someone guesses the log file name and tries to download it.&nbsp;</P><P>all the above at least adds some layers of obfuscation that make things harder to crack.</P> Mon, 06 Jun 2022 16:29:27 GMT jnewman67 2022-06-06T16:29:27Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/49821#M25351 <P>I don't know if it is important, because things seem to be working OK with integration using the SIM method.&nbsp; However, I was wondering how to write logging information to the authorize-net.log file ?&nbsp; It is configured it my phphunit_config.php file:</P><P>&nbsp;</P><P>define( "AUTHORIZENET_LOG_FILE",&nbsp; "authorize-net.log");</P><P>&nbsp;</P><P>and it looks like it uses authorize-net.log by default if you don't define it.&nbsp; However, I am not seeing any data in the log file.&nbsp; Is that something that you have to turn on or is it suppose to do it by default?</P><P>&nbsp;</P><P>I only see that in code in HttpClient.php, AuthorizeNetRequest.php and in the test suite.&nbsp; Just curious about what gets written there by default, if anything and how to enable it.</P> Sat, 28 Feb 2015 14:37:27 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/49821#M25351 sscotti 2015-02-28T14:37:27Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/49909#M25433 <P>&nbsp;</P> <P>Hi <SPAN class="UserName lia-user-name"><A id="link_23" class="lia-link-navigation lia-page-link lia-user-name-link" href="https://community.developer.cybersource.com/t5/user/viewprofilepage/user-id/18017" target="_self"><SPAN class="">sscotti</SPAN></A></SPAN>,</P> <P>&nbsp;</P> <P>If defined, the PHP SDK logfile should have information primarily from the httpclient class. This logging should not be enabled for production use because it logs full post data.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Joy</P> Fri, 06 Mar 2015 22:32:46 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/49909#M25433 Joy 2015-03-06T22:32:46Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/83014#M52324 <P>I'd like to add a couple comments here related to the security of the PHP version of the log file.</P><P>1)&nbsp; change the name of the log file - clearly it shouldn't be anything similar, add a date</P><P>2)&nbsp; add some security to the log file:<BR />&nbsp;&nbsp;&nbsp;&nbsp; a)&nbsp; add a unique subfolder to the LOG pathname,<BR />&nbsp;&nbsp;&nbsp;&nbsp; b)&nbsp; change the LOG extention to .PHP, then<BR />&nbsp;&nbsp;&nbsp;&nbsp; c)&nbsp; find the Log.php file in \authnet\lib\net\authorize\util and change line #269</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; file_put_contents($this-&gt;logFile, $logMessage, $flags);<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; to<BR />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; file_put_contents($this-&gt;logFile, "\n&lt;?php\n".$logMessage."\n?&gt;", $flags);</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; so that the contents of the log file are wrapped in PHP delimiters, and will hide all the contents of the file in case someone guesses the log file name and tries to download it.&nbsp;</P><P>all the above at least adds some layers of obfuscation that make things harder to crack.</P> Mon, 06 Jun 2022 16:29:27 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/83014#M52324 jnewman67 2022-06-06T16:29:27Z https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/83015#M52325 <P>update - missed something - the replacement code should be</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; file_put_contents($this-&gt;logFile, "\n&lt;?php /*\n".$logMessage." */\n?&gt;", $flags);</P><P>this will wrap comment markers around the code, preventing the log files from throwing errors in your site's log file&nbsp; <LI-EMOJI id="lia_slightly-smiling-face" title=":slightly_smiling_face:"></LI-EMOJI></P> Mon, 06 Jun 2022 16:52:36 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/Writing-to-the-authorize-net-log-file/m-p/83015#M52325 jnewman67 2022-06-06T16:52:36Z