Re: Re: $_POST issues

On Wed, Dec 1, 2010 at 16:32, Nadim Attari <nadim@xxxxxxxxxxxxxxxx> wrote:
>
> Thank you Daniel for this detailed post of yours. Really appreciated.

    Quite welcome.

> Saving the $_POST data (in response.php) in a file will serve nothing. - And
> you said this was an unnecessary step from the payment gateway - All I need
> is the result of the transaction, which I'll get in receipt.php through $_GET.
>
> All I can say is that I do not have any control on the payment gateway (you
> may realise it has been badly implemented - if it is not too harsh to say
> like that)

    Not too harsh at all.  If anything, you're being too kind.  ;-P

> Another unnecessary step occurs in send_transaction.php - you have seen that
> once the XML data is sent to the payment gateway (well SBM asked me to send
> like that - I mean no declaration, just the tags), the gateway sends back
> <paymentid> and <paymentpageurl> and I have to redirect my browser to that
> page, concatenating the paymentid in the query string. --- this should have
> been done automatically by the payment gateway itself. Really baffling.

    I agree.  It seems as though it's a very clunky setup, unless
there's a different way it's supposed to be done that their API docs
explain.

> I think I'll report this to my boss, who shall contact the client (YU
> Lounge). Now up to the client to decide whether they'll be doing business
> with SBM payment gateway solution or not.
>
> BTW, would you recommend someone to use this payment gateway? What are your
> comments on such payment gateway implementation?

    I'd honestly never heard of this service until you submitted the
original post in this thread.  However, knowing what we've already
ascertained in this short time, as well as other things I've noticed,
I would highly advise against using the service.  Three key issues I
see are: (1) unnecessary processes and slow response times; (2)
insecurities, including data disclosure and plain-text GET/POST calls;
(3) poor data validation and error handling.  If the client would
permit the use of another service, I'd recommend researching some of
the alternatives.

> Anyway thanks again for your time and help Daniel.

    My pleasure.

-- 
</Daniel P. Brown>
Dedicated Servers, Cloud and Cloud Hybrid Solutions, VPS, Hosting
(866-) 725-4321
http://www.parasane.net/
