28, May 2012

How to make a form secure - webmaster forum

 
Author Topic: How to make a form secure  (Read 3971 times)
What's HTML?
« on: Oct 18, 2007, 10:24:38 am »

I need to create a page where a visitor can enter the details of their credit card, to be sent to my client's email for a withdrawal.
What steps do I need to follow in order to make sure the transaction is secure?

Will just redirecting to the https:// address do? I am new to this!!

Any pointers would be appreciated


I am a metal monkey!
« Reply #1 on: Oct 18, 2007, 11:01:20 am »

Why don't you use an online service for that? PayPal is great, and Winbank is the best in Greece ;)

Otherwise whatever you do is not really secure. You would need https, plus cyphered emails....

Global Moderator
« Reply #2 on: Oct 18, 2007, 11:01:43 am »

This form has to be on a secure site ;)

You also need some fraud protection (check the IP address country against the country of the CC).

Don't allow entering the CC number without some previously entered information (login?), to be sure that the information is from a human and not a bot. If you hide the form from the public, it's safer and easier to protect.

Global Moderator
« Reply #3 on: Oct 18, 2007, 11:02:13 am »

What are "cyphered emails"?

I am a metal monkey!
« Reply #4 on: Oct 18, 2007, 11:09:29 am »

> What are "cyphered emails"?

I mean encrypted mails :)

Global Moderator
« Reply #5 on: Oct 18, 2007, 11:12:59 am »

> > What are "cyphered emails"?
>
> I mean encrypted mails :)

You mean encrypting the text too (like the binary files)?

I think storage in a safe database would be better; just send a mail with the information about the submission to the company...

I am a metal monkey!
« Reply #6 on: Oct 18, 2007, 11:15:40 am »

Yeah, but how do you know that your database is safe? Especially when you are on a shared hosting account, I think it is a big risk.

Global Moderator
« Reply #7 on: Oct 18, 2007, 11:18:47 am »

> Yeah, but how do you know that your database is safe? Especially when you are on a shared hosting account, I think it is a big risk.

Shared hosting is really bad in all circumstances; after creating some more complicated web applications you need to use a dedicated server.

I think shared hosting is OK for a simple website without visitors and for learning. I learned the last time that searching for good shared hosting was wasting time :(

What's HTML?
« Reply #8 on: Oct 18, 2007, 11:22:39 am »

Thanks guys for the answers,

Nick,
when you say PayPal, you mean just redirect them to PayPal, and they handle the security?
Winbank: is that with Pireos Bank? And how does it work? What is needed programmatically on my end?


I am a metal monkey!
« Reply #9 on: Oct 18, 2007, 11:28:58 am »

Both of them take care of the transaction, but programmatically you connect with them so you know when a client bought something, what exactly was ordered and if he/she paid for it.

What you actually do is that you send an id (order id), and when the transaction ends PayPal (or Winbank) posts back the information regarding the order.

Winbank is the internet division of Pireos.

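The order-id and postback flow described in Reply #9, sketched as an added example (not code from the thread, from PayPal or from Winbank): the merchant's callback handler checks authenticity, order id, amount and replay before it marks an order as paid. The HMAC shared secret, the field names and the in-memory order store are assumptions; a real provider defines its own verification mechanism.

```python
import hashlib
import hmac
from decimal import Decimal

# Constructed demo data. The shared secret, field names and in-memory order
# store are assumptions; a real provider defines its own verification scheme.
SHARED_SECRET = b"constructed-demo-secret"
ORDERS = {"1001": {"amount": Decimal("49.90"), "currency": "EUR", "paid": False}}
SEEN_TXNS = set()


def sign(fields):
    """HMAC-SHA256 over sorted key=value pairs (stand-in for the provider's scheme)."""
    msg = "&".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(SHARED_SECRET, msg, hashlib.sha256).hexdigest()


def handle_postback(fields, signature):
    """Decide whether one posted-back notification may mark an order as paid."""
    # 1. Authenticity: anyone can POST to the callback URL, so check the MAC first.
    if not hmac.compare_digest(sign(fields).encode(), signature.encode()):
        return False, "bad signature"
    # 2. The order id must be one this site issued.
    order = ORDERS.get(fields.get("order_id"))
    if order is None:
        return False, "unknown order"
    if fields.get("status") != "completed":
        return False, "payment not completed"
    # 3. Compare against the stored amount, never a value taken from the browser.
    try:
        amount = Decimal(fields.get("amount", ""))
    except ArithmeticError:  # decimal.InvalidOperation
        return False, "bad amount"
    if amount != order["amount"] or fields.get("currency") != order["currency"]:
        return False, "amount mismatch"
    # 4. Replay protection: each provider transaction id is accepted once.
    txn = fields.get("txn_id")
    if not txn or txn in SEEN_TXNS or order["paid"]:
        return False, "duplicate notification"
    SEEN_TXNS.add(txn)
    order["paid"] = True
    return True, "order marked paid"


if __name__ == "__main__":
    note = {"order_id": "1001", "amount": "49.90", "currency": "EUR",
            "status": "completed", "txn_id": "T-1"}
    print(handle_postback(note, sign(note)))   # first delivery
    print(handle_postback(note, sign(note)))   # replayed delivery
```
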
What's HTML?
« Reply #10 on: Oct 18, 2007, 11:36:20 am »

Nick, I have worked with PayPal IPN before.
Winbank is sort of the same process, right?

Thanks


I am a metal monkey!
« Reply #11 on: Oct 18, 2007, 11:40:19 am »

Never used Winbank before (only one project where I didn't write the code), but I think it is the same thing.

The only thing I know for sure is that they are the safest bank in Greece.

Global Moderator
« Reply #12 on: Oct 18, 2007, 11:45:11 am »

Whatever payment provider you use, you should use their platform to handle the payment process.

This is more trustful for the visitor and safer. At the moment I'm developing a payment option for some site in the Netherlands (using iDEAL and CC).

I use the "internet-kassa" from the bank at the moment the product and customer data is collected. Fixing all holes in an application without the payment process is work enough :)

Bill Cosby is my Father
« Reply #13 on: Feb 01, 2008, 07:51:26 pm »

> Whatever payment provider you use, you should use their platform to handle the payment process.
>
> This is more trustful for the visitor and safer. At the moment I'm developing a payment option for some site in the Netherlands (using iDEAL and CC).
>
> I use the "internet-kassa" from the bank at the moment the product and customer data is collected. Fixing all holes in an application without the payment process is work enough :)

I could not agree more.  It is always best to use an established platform to process very sensitive information.

Banks and other financial institutions pay huge sums of money to develop secure payment gateways, simply because their reputation is at stake every time the gateway is used.

To code something from scratch that handles CC payments in a highly secure way would be very time consuming, and then the testing and deployment of the application would probably take even longer than its creation.

Finally after all that effort, if you forgot to cover even the smallest security issue, you could end up in a very sticky situation with both your customers and the local authorities.

Most merchant accounts with banks (the accounts that allow you to process credit cards when the customer is not present) will insist you use their gateway anyhow.

I personally am not a fan of PayPal and the way they do business; however, it is the best gateway for people who do not have access to merchant facilities of their own. When people go to pay for something I believe they are reassured by the PayPal logo and thus more likely to buy.

The downside of course is the terrible chargeback system where the seller usually loses out.
Bill Gates is my home boy
« Reply #14 on: Apr 10, 2008, 07:29:19 am »

I think any web designer should tread very carefully when asked to create a payment system. If something goes wrong there is the issue of liability for both the company and the web designer. I would hate to see anyone get sued or held financially responsible if the credit card information ends up getting stolen and used to make $xxxx's in fraudulent purchases.

Hunky Junky Monky Man!
« Reply #15 on: Apr 12, 2008, 08:52:49 pm »

I would tend to agree. Working with CC information and Health Insurance Information daily, I can tell you how much QA and INSURANCE we have to run these types of gateways.

You can do a lot of work with the various cashier websites out there. I would never, ever accept a contract that would require anything but that.