 Posted by Michael Vilain on 03/02/07 01:51 
In article <1172784801.571566.193560@31g2000cwt.googlegroups.com>, 
 "C." <colin.mckinnon@gmail.com> wrote: 
 
> On 1 Mar, 05:35, Michael Vilain <vil...@spamcop.net> wrote: 
> > I set up credit card charging with a combination of php and perl.  It's 
> > running on a shared server, so I had to use a protected perl script with 
> > the constants like passwords and hash keys in the script.  The script is 
> > run by CGIwrap under my account's UID rather than as the web server's 
> > UID. 
> > 
>  
> I can't imagine what problem this sensibly solves. What is a 
> 'protected' perl script? I assume you mean with different permissions 
> on ownership, and running under a different uid. If the POST is 
> initiated by the CC handler, then there's no need to store passwords 
> in order to receive it. 
 
In the shared environment of my ISP, all the web pages must be readable  
by the web server.  In order for a file containing passwords etc. to be  
protected from other users with shell access, I had to set permissions  
to rwx------.  The web server would not be able to "see" that page and  
would report a "forbidden" return code if it were run as a web page.  By  
placing the perl script in my cgi-bin and setting its permissions to  
700, it could only be run by the ISP's CGIwrap package as my UID, thus  
allowing it to be "seen" by the web browser. 
 
http://cgiwrap.sourceforge.net/ 
 
>  
> > Perl seems to be suited to do SSL submissions to authorize.net, receive, 
> > and process their reply. 
>  
> Why? 
 
Not sure what you're asking here.  All I can say is that the code to  
open the SSL connection and send the payment info to authorize.net's  
processor site was very straightforward (LWP::UserAgent CPAN module).   
The result of the connection is the information returned as a binary  
array.  I just parse it and display the OK or credit card failure page  
accordingly. 
 
Of course, YMMV.  I just couldn't see how to code PHP to connect to an  
SSL web site, submit a POST request, and process the result.  I'm sure  
it could be done, but then I'd have to embed passwords which others  
could read.  If PHP were offered as a CGI scripting language, then I  
would have tried it.  But my ISP didn't offer that option. 
 
--  
DeeDee, don't press that button!  DeeDee!  NO!  Dee...
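
The owner-only permission scheme described in the post above, as an added example that is not part of the original message: a POSIX shell audit that lists every file under a cgi-bin directory that still grants a permission bit to group or other. The function name `audit_owner_only` and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). On a shared host, a CGI
# script that embeds gateway passwords must be mode 700 (rwx------) so
# that other shell users cannot read it.

# List every regular file under $1 that grants any group/other bit.
# Returns 0 when all files are owner-only, 1 when at least one is exposed.
audit_owner_only() {
    dir=$1
    # One -perm test per group/other bit keeps this portable POSIX find.
    exposed=$(find "$dir" -type f \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \))
    if [ -n "$exposed" ]; then
        printf '%s\n' "$exposed"
        return 1
    fi
    return 0
}

# Constructed demo: one owner-only script and one world-readable script.
demo_dir=$(mktemp -d)
printf '#!/usr/bin/perl\n' > "$demo_dir/charge.pl"
printf '#!/usr/bin/perl\n' > "$demo_dir/leaky.pl"
chmod 700 "$demo_dir/charge.pl"   # protected as the post describes
chmod 755 "$demo_dir/leaky.pl"    # readable by every account on the host
audit_owner_only "$demo_dir" || echo "exposed files found; chmod 700 them"
rm -rf "$demo_dir"
```

The non-zero return status makes the function usable as a gate in a deploy script or a cron job.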
 
  