Passing form data to a secure server

Status
Not open for further replies.

AlbertAguirre

Programmer
Nov 21, 2001
273
US
Please help.

I need to pass data to a secure server (totally different URL) but the data contains a login and password.

The GET method is out because obviously the password will be displayed in the URL.

I thought about the POST method but the password will be revealed if the user "views source".

Any other way to pass form data securely?

This is the best technical forum in the world! Thanx in advance...
 
The other address is also yours?

If so, you can communicate with the server, send him some info, and then when you redirect the user to this site he already knows who he is.

Well, an example:

You use CURL to communicate with the HTTPS server. You send to it the username, the password and the IP address of the user. Then, in the secure server you keep this data. Then redirect the user to some page in the HTTPS server. Here you check if you already have credentials of this user, in this IP. If so, check the credentials that you have got.

If you need more help, go to and

Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 
No the server is not mine.
I am setting up online credit card processing for a friend and he signed up with a merchant account provider that requires us to send the data to their servers for processing. This data includes a login and password.
I don't want the login and password for that server to be revealed to users so this is my dilemma...
How to send form data without allowing the user to see confidential info.
 
Maybe I'm not seeing it but what difference does it make if the user (who presumably is putting in the password), views the page source and sees his own password? I think you'll be ok with post and a submit button.

There's always a better way...
 
First, thank you for your response.
I don't think I'm making myself clear, sorry about that.

My friend has a login and password that I must pass to the merchant account server. This is the only way a customer could have his credit card approved.
The customer is not providing the password.

In other words:
1) you sign up for a merchant account
2) they give you a URL and login and password to access your account
3) your form must pass this login and password along with the credit card number to the URL they specify in order to get a rejection or acceptance of the credit card

I don't want the user to see this info. Makes sense?
 
Of course, use Curl, as described above. It allows your server to behave as a browser and make a request to the remote server. Then you pass the data back to the browser through your server. You can effectively treat the remote server as a "web service", which your server queries for response data. Your viewer need not even know there is a remote server involved.

Now, the only caveat here: if you are taking credit card data from your viewers, you should make sure things are secure on your side. Run SSL, please. If not, then find another e-commerce gateway.

Honestly, it is ridiculous for an e-commerce gateway to force you to send the password in plain text like that. Most systems give you an external account number and ask for HTTP_REFERER location. Your username and password should only be for you to access the "control panel" for settings, reports, etc...

-------------------------------------------

"Now, this might cause some discomfort..."
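
The server-side relay described in the reply above, as an added Python example that is not part of the original thread: the merchant login and password are read from server configuration and added to the outbound HTTPS POST, so they never appear in the HTML form or in anything returned to the browser. The gateway URL, the field names, the environment variable names and the `result=approved` reply format are assumptions standing in for the provider's real API.

```python
import os
import urllib.parse
import urllib.request

# Assumptions (not from the thread): gateway URL, field names and the
# "result=approved" reply format are placeholders for the provider's real API.
GATEWAY_URL = "https://gateway.example/process"
CUSTOMER_FIELDS = ("card_number", "expiry", "amount")  # only these come from the browser


def build_gateway_request(form, env=os.environ, url=GATEWAY_URL):
    """Build the server-to-server POST; merchant credentials never touch the HTML form."""
    if urllib.parse.urlsplit(url).scheme != "https":
        raise ValueError("gateway URL must be https")
    # Copy only whitelisted fields so a tampered form cannot override login/password.
    fields = {name: form[name] for name in CUSTOMER_FIELDS}
    fields["login"] = env["MERCHANT_LOGIN"]        # held in server config only
    fields["password"] = env["MERCHANT_PASSWORD"]
    # Credentials travel in the POST body, not the URL, so they stay out of access logs.
    body = urllib.parse.urlencode(fields).encode("ascii")
    return urllib.request.Request(url, data=body, method="POST")


def browser_reply(gateway_body):
    """Reduce the gateway's reply to what the customer may see: approved or declined."""
    parsed = urllib.parse.parse_qs(gateway_body)
    approved = parsed.get("result", [""])[0] == "approved"
    return {"approved": approved}


def process_payment(form, send=None, env=os.environ):
    """send(request) -> reply text; defaults to a real HTTPS call with certificate checks."""
    if send is None:
        def send(req):
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.read().decode("utf-8", "replace")
    return browser_reply(send(build_gateway_request(form, env)))
```

The `send` parameter exists so the relay can be exercised without a network connection; in production the default path uses `urllib.request.urlopen`, which verifies the gateway's TLS certificate.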
 
I use a Credit card gateway and what I need to send them is only our reference, the value of the transaction and our ID. Afterwards it's their job to read the card info and the other info.

My advice for CC gateways is Verisign Payflow, and Worldpay Select Junior. You can find everything in their home sites in and
But if you work like you specified before, just use CURL to communicate with the gateway. With that you can send information to post the data you need.

Another point rycamor referred, you MUST use a server certificate to encode all data between your server and your customer. These certificates are safe but not free. I can tell you that a certificate will cost you around 125 USD. Another thing, don't keep the CC numbers in your own Database in plain text. Encrypt them.


Anikin
Hugo Alexandre Dias
Web-Programmer
anikin_jedi@hotmail.com
 