https://community.developer.cybersource.com/t5/Integration-and-Testing/newbie-security-question/m-p/17706#M9876 <P>I'm a mechanical engineer and a client asked me to implement authorize.net on a site because their web developer wouldn't (weird).&nbsp; After deciding to use AIM, I downloaded the VB.net sample code (ASP.net 3.5) because that's what I am used to&nbsp;and it works well.&nbsp; I noticed other people asked similar questions but I just wanted to make certain this is the correct method.</P><P>&nbsp;</P><P>In the example code, the api login id and transaction key are saved in the Visual Basic code-behind page.&nbsp; Since no one mentioned it, I am guessing that hackers can't access this code-behind page.&nbsp; Is that correct?</P><P>&nbsp;</P><P>I've been reading up on other ways to secure an asp.net site, but this was a big unknown for me.&nbsp;</P><P>&nbsp;</P><P>Thanks for your help,</P><P>&nbsp;</P><P>AJ</P> Wed, 05 Oct 2011 23:02:04 GMT aj23 2011-10-05T23:02:04Z https://community.developer.cybersource.com/t5/Integration-and-Testing/newbie-security-question/m-p/17706#M9876 <P>I'm a mechanical engineer and a client asked me to implement authorize.net on a site because their web developer wouldn't (weird).&nbsp; After deciding to use AIM, I downloaded the VB.net sample code (ASP.net 3.5) because that's what I am used to&nbsp;and it works well.&nbsp; I noticed other people asked similar questions but I just wanted to make certain this is the correct method.</P><P>&nbsp;</P><P>In the example code, the api login id and transaction key are saved in the Visual Basic code-behind page.&nbsp; Since no one mentioned it, I am guessing that hackers can't access this code-behind page.&nbsp; Is that correct?</P><P>&nbsp;</P><P>I've been reading up on other ways to secure an asp.net site, but this was a big unknown for me.&nbsp;</P><P>&nbsp;</P><P>Thanks for your help,</P><P>&nbsp;</P><P>AJ</P> Wed, 05 Oct 2011 23:02:04 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/newbie-security-question/m-p/17706#M9876 aj23 2011-10-05T23:02:04Z https://community.developer.cybersource.com/t5/Integration-and-Testing/newbie-security-question/m-p/17708#M9877 <P>As long as the id and key is not render to the page. For example, don't put it on a label or textbox, even if is hidden(non-display). Then, they won't get send to user(customer) browser.</P><P>As far as hackers can't access this code-behind page. If the hackers gain access to the server, anything is possible.</P><P>There is PCI standard you might want to read too.</P><P><A target="_blank" href="http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628">http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628</A></P><P>For AIM, the web site need to have SSL for the payment page. If they don't have it, SIM or DPM is the other option.</P> Wed, 05 Oct 2011 23:39:25 GMT https://community.developer.cybersource.com/t5/Integration-and-Testing/newbie-security-question/m-p/17708#M9877 RaynorC1emen7 2011-10-05T23:39:25Z