| aboutweb |
| Visitor |
|
 |
| Joined: 21 Oct 2003 |
| Posts: 27 |
| Location: Seattle Wa |
|
|
|
|
 |
|
BIG NEWS!!!!
I have been working with StormPay to get their security fixed!!
GUESS WHAT they actually replied and have FIX IT!!!
Here is a copy of their reply
I have also gone and did a hack in to see if return URL could be veiwed
IT IS FIXED!
Jim
Message
Hello Jim, My Name is Jim Grago and I am in charge of Programming and Technology here at Stormpay. Recently I was made aware of a problem that you introduced that people are able to view your source code at our payment page. I am please to let you know that my programmers have made an update that eliminates this problem.
My programmers have changed to a new technology that passes your form variables "behind the scenes" and when you goto view source on the payment page, you will see a blank "" value.
This is what my programmer wrote to me:
The data that StormPay considers sensitive (return_URL, cancel_URL, notify_URL, transaction_ref, user_id, user1 to user5 fields) are NO where insight (hidden), and that we DELIBERATELY pass those variables as BLANK in our Pay forms.
Please have a look at the checkout form now and you will see what I mean. Thank you for your input in this matter. We are striving to make Stormpay #1 in the payment processing world and its input from our members (Like you) that help us improve.
Thank you,
Jim
StormPay.com |
|
