Cybersource Developer Community Cybersource Developer Community

Hi. I am new to authorize.net development. I am trying to get SDK working with the "Hello World" example and it seems like the SDK is missing parts and it poorly setup for public use.

From the start the git page indicates: 

"Composer currently has a MITM security vulnerability. However, if you wish to use it..."

So right away I don't want to use it:  for the reason your developers has mentioned, and for general not wanting to include 3rd party apps to our secure app.

The other option is manual including autoloader, but that is missing files: 

- JMS serilizer was missing, and there is no mention of it anywhere in the authorize documentation.

after fixing that I see it is again missing another dependency: phpcollection and again there is no mention of getting that in documentation.

I haven't spend time fixing the other dependency, but since none of these where mentioned in documentation, now I am doubting competency and reliablity of your product. Who knows howmany other dependencies is going to be there, even after I fix the next, and the next.

If any of the developers working for me, made a documentation like yours, or so much dependent on 3rd party code with known security volunability I would have a seriouse talk with them.

How to fix: 

1 -first dicsiplin you team to not put incomple documentation live, and if they did, they don't continue defending incomeleteness after it has been brought to their attention on the forum.

2 -Add documentation about dependensies when SDK is used without composer.

3 -Do not rely on 3rd party library or program for your suppose-to-be-secure code.

Faced the same issues with error :

Fatal error: Class 'JMS\Serializer\Annotation\Type' not found in PATH/lib/net/authorize/util/SensitiveDataConfigType.php on line 6

Fixed it:

1. Don't make any change to composer.json, keep it as it was in downloaded latest sdk

2. To use composer, follow the steps in https://getcomposer.org/download/

3. After getting composer.phar file, on command promt run

php composer.phar install

4. That's it! it downloaded all dependencies

Sorry my access to our Linux Dev server is ftp only.

I am on a Windows workstation. How do I install the PHP SDK on our Dev server?

1) I cannot install Composer on the Linux Machine because it's hosted offsite.

2) Installing PHP and Composer on Windows is possible but ??? ::confused

3) Tried #2 and ran Composer from a download of the SDK directory. Got Errors =(

So is there a FULL set of files from the SDK I can just ftp to our server and make configuration changes to?

"Composer currently has a MITM security vulnerability. However, if you wish to use it..."

It appears that this issue has been fixed. Your post got me wondering since I just installed my sandbox via composer.

Here are the issues on Compsers GitHub account:

https://github.com/composer/composer/issues/4777

https://github.com/composer/composer/pull/4907

I'm no security expert so I'd do my own confirmation.

- D

I believe you can download the SDK and point to autoload.php in your code:

https://github.com/AuthorizeNet/sdk-php

https://github.com/AuthorizeNet/sdk-php/releases

- D

Hello,

These posts are over a year old. But this is the same issue I have with PHP SDK 3rd party dependencies and security issues using Composer. I would like to know if there has been any effort to re-write this PHP SDK removing all 3rd party (vendor) depencies. If not, I will not be upgrading my application to use this new Authorize.net API. 

Please let me know if this PHP SDK is currently being refactored.

Thank you,

Mauro 

Hi @mdutra555 

Yes the team is working on removing the dependencies of the PHP SDKs . 

I will updates more once i have the ETA for it  . 

Thanks