newbie security question

I'm a mechanical engineer and a client asked me to implement authorize.net on a site because their web developer wouldn't (weird).  After deciding to use AIM, I downloaded the VB.net sample code (ASP.net 3.5) because that's what I am used to and it works well.  I noticed other people asked similar questions but I just wanted to make certain this is the correct method.

 

In the example code, the api login id and transaction key are saved in the Visual Basic code-behind page.  Since no one mentioned it, I am guessing that hackers can't access this code-behind page.  Is that correct?

 

I've been reading up on other ways to secure an asp.net site, but this was a big unknown for me. 

 

Thanks for your help,

 

AJ

aj23
Member

Accepted Solutions

As long as the id and key are not rendered to the page. For example, don't put them on a label or textbox, even if it is hidden (non-display). Then, they won't get sent to the user's (customer's) browser.

As far as hackers not being able to access this code-behind page: if the hackers gain access to the server, anything is possible.

There is a PCI standard you might want to read too.

http://community.developer.authorize.net/t5/The-Authorize-Net-Developer-Blog/PCI-and-You/ba-p/10628

For AIM, the web site needs to have SSL for the payment page. If they don't have it, SIM or DPM is the other option.


RaynorC1emen7
Expert
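One way to check the point made in the answer above, as an added example that is not part of the original thread or of the Authorize.Net sample code: a Python script that scans the HTML a page sends to the browser for the API login ID and transaction key. It goes slightly beyond the label and textbox cases named in the answer by also decoding the `__VIEWSTATE` hidden field, on the assumption that ViewState is only base64-encoded and not encrypted. The credentials, control names and pages are constructed placeholders.

```python
import base64
import re
from html.parser import HTMLParser

class InputCollector(HTMLParser):
    """Collect (name, type, value) for every <input> in a rendered page."""
    def __init__(self):
        super().__init__()
        self.inputs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            a = dict(attrs)
            self.inputs.append((a.get("name") or "", (a.get("type") or "text").lower(),
                                a.get("value") or ""))

def find_secret_leaks(html, secrets):
    """Return sorted (secret_label, location) pairs for secrets present in the response."""
    collector = InputCollector()
    collector.feed(html)
    outside_inputs = re.sub(r"<input\b[^>]*>", "", html, flags=re.I)
    findings = set()
    for label, secret in secrets.items():
        for name, kind, value in collector.inputs:
            if secret in value:  # hidden fields are still sent to the browser
                findings.add((label, f"input[{kind}]:{name}"))
            if name == "__VIEWSTATE":  # base64 only; assumed not encrypted
                try:
                    blob = base64.b64decode(value, validate=True)
                except ValueError:
                    continue
                if secret.encode("utf-8") in blob:
                    findings.add((label, "viewstate"))
        if secret in outside_inputs:  # labels, display:none spans, comments, script
            findings.add((label, "markup"))
    return sorted(findings)

# Constructed sample data: placeholder credentials and hand-made pages, not real output.
SECRETS = {"login_id": "EXAMPLE_LOGIN_ID", "transaction_key": "EXAMPLE_TXN_KEY_1234"}
_VS = base64.b64encode(b"\xff\x01\x0f\x05\x14" + b"EXAMPLE_TXN_KEY_1234").decode()
LEAKY_PAGE = f'''<form>
<input type="hidden" name="__VIEWSTATE" value="{_VS}" />
<input type="hidden" name="hfLogin" value="EXAMPLE_LOGIN_ID" />
<span id="lblKey" style="display:none">EXAMPLE_TXN_KEY_1234</span>
<input type="text" name="txtCardNumber" value="" />
</form>'''
SAFE_PAGE = '<form><input type="text" name="txtCardNumber" value="" /></form>'

if __name__ == "__main__":
    for name, page in (("leaky", LEAKY_PAGE), ("safe", SAFE_PAGE)):
        print(name, find_secret_leaks(page, SECRETS))
```

Run it against the saved source of the payment page with the real values in `SECRETS`; an empty list means neither value was found in the response.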