Automatic testing security issues?
Posted by Rok Žlender on August 1, 2006 at 11:21am
One of the biggest concerns about automatic testing is how to prevent potentially dangerous code to cause harm to the server and other tests.
Read moreHandling callback security with contrib ecommerce payment modules..
Posted by Dublin Drupaller on June 21, 2006 at 12:38pm
Hi guys,
I recently updated the worldpay.module for 4.7 and included an automated "callback" after the order is processed...i.e. the worldpay server tells the drupal site that the transaction was either APPROVED or CANCELLED (Denied happens at the worldpay end and the order is cancelled).
So a Drupal site admin who is setting up their worldpay enabled shop, enters in the worldpay_callback
the worldpay server sends the "y" or "c" flags to. The problem is securing that transfer of information or in other words, validating the source.