Reply
Highlighted
Member
Posts: 2
Registered: ‎10-05-2011
Accepted Solution

newbie security question

I'm a mechanical engineer and a client asked me to implement authorize.net on a site because their web developer wouldn't (weird).  After deciding to use AIM, I downloaded the VB.net sample code (ASP.net 3.5) because that's what I am used to and it works well.  I noticed other people asked similar questions but I just wanted to make certain this is the correct method.

 

In the example code, the api login id and transaction key are saved in the Visual Basic code-behind page.  Since no one mentioned it, I am guessing that hackers can't access this code-behind page.  Is that correct?

 

I've been reading up on other ways to secure an asp.net site, but this was a big unknown for me. 

 

Thanks for your help,

 

AJ


Accepted Solutions
Solution
Accepted by topic author aj23
‎08-21-2015 01:58 AM
Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: newbie security question

As long as the id and key is not render to the page. For example, don't put it on a label or textbox, even if is hidden(non-display). Then, they won't get send to user(customer) browser.

As far as hackers can't access this code-behind page. If the hackers gain access to the server, anything is possible.

There is PCI standard you might want to read too.

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628

For AIM, the web site need to have SSL for the payment page. If they don't have it, SIM or DPM is the other option.

View solution in original post


All Replies
Solution
Accepted by topic author aj23
‎08-21-2015 01:58 AM
Expert
Posts: 4,525
Registered: ‎03-08-2010

Re: newbie security question

As long as the id and key is not render to the page. For example, don't put it on a label or textbox, even if is hidden(non-display). Then, they won't get send to user(customer) browser.

As far as hackers can't access this code-behind page. If the hackers gain access to the server, anything is possible.

There is PCI standard you might want to read too.

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628

For AIM, the web site need to have SSL for the payment page. If they don't have it, SIM or DPM is the other option.