I'm a mechanical engineer and a client asked me to implement Authorize.Net on a site because their web developer wouldn't (weird). After deciding to use AIM, I downloaded the VB.NET sample code (ASP.NET 3.5) because that's what I am used to, and it works well. I noticed other people asked similar questions but I just wanted to make certain this is the correct method.
In the example code, the API login ID and transaction key are saved in the Visual Basic code-behind page. Since no one mentioned it, I am guessing that hackers can't access this code-behind page. Is that correct?
I've been reading up on other ways to secure an ASP.NET site, but this was a big unknown for me.
Thanks for your help,
AJ
10-05-2011 04:02 PM
As long as the ID and key are not rendered to the page. For example, don't put them on a label or textbox, even if it is hidden (non-display). Then they won't get sent to the user's (customer's) browser.
As for hackers not being able to access this code-behind page: if the hackers gain access to the server, anything is possible.
There is a PCI standard you might want to read too.
http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628
For AIM, the web site needs to have SSL for the payment page. If they don't have it, SIM or DPM is the other option.
10-05-2011 04:39 PM
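An added example (not part of the original posts, and not Authorize.Net code): a Python check that scans a rendered page for the API login ID or transaction key. It goes beyond the hidden-field case in the answer by also looking inside the `__VIEWSTATE` field, on the assumption that ViewState is base64-encoded but not encrypted, so a control value set in code-behind can be recovered from it. The credential values, control names, and sample page are constructed.

```python
import base64
import binascii
from html.parser import HTMLParser

class _PageScan(HTMLParser):
    """Collects every <input> (name, type, value) and every text node."""
    def __init__(self):
        super().__init__()
        self.inputs, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.inputs.append((a.get("name") or "", (a.get("type") or "text").lower(), a.get("value") or ""))
    def handle_data(self, data):
        self.text.append(data)

def find_secret_leaks(html, secrets):
    """Return sorted (label, location) pairs for each secret found in the response."""
    scan = _PageScan()
    scan.feed(html)
    scan.close()
    leaks = set()
    for label, secret in secrets.items():
        if any(secret in chunk for chunk in scan.text):
            leaks.add((label, "page text"))
        for name, kind, value in scan.inputs:
            if name == "__VIEWSTATE":
                try:
                    blob = base64.b64decode(value, validate=True)
                except (binascii.Error, ValueError):
                    continue  # not valid base64, nothing to inspect
                if secret.encode("utf-8") in blob:
                    leaks.add((label, "viewstate"))
            elif secret in value:  # covers type="hidden" as well as visible inputs
                leaks.add((label, f"{kind} input '{name}'"))
    return sorted(leaks)

# Constructed sample values and page (not real credentials, not a real ViewState).
SAMPLE_SECRETS = {"login_id": "EXAMPLE-LOGIN-ID", "transaction_key": "EXAMPLE-TRANSACTION-KEY"}
_STATE = base64.b64encode(b"\xff\x01\x0f\x05\x17" + b"EXAMPLE-TRANSACTION-KEY").decode()
SAMPLE_PAGE = (
    '<form><input type="hidden" name="__VIEWSTATE" value="' + _STATE + '" />'
    '<input type="hidden" name="hfLogin" value="EXAMPLE-LOGIN-ID" />'
    '<span id="lblStatus">Ready</span></form>'
)

if __name__ == "__main__":
    for label, where in find_secret_leaks(SAMPLE_PAGE, SAMPLE_SECRETS):
        print(f"{label} leaked via {where}")
```

Run it against the saved HTML of the payment page (View Source output) with the real ID and key supplied from a local, uncommitted file; an empty result means neither value was found in the response.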