security

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
Rok Žlender's picture

Automatic testing security issues?

One of the biggest concerns about automatic testing is how to prevent potentially dangerous code to cause harm to the server and other tests.

Read more
Dublin Drupaller's picture

Handling callback security with contrib ecommerce payment modules..

Hi guys,

I recently updated the worldpay.module for 4.7 and included an automated "callback" after the order is processed...i.e. the worldpay server tells the drupal site that the transaction was either APPROVED or CANCELLED (Denied happens at the worldpay end and the order is cancelled).

So a Drupal site admin who is setting up their worldpay enabled shop, enters in the worldpay_callback the worldpay server sends the "y" or "c" flags to. The problem is securing that transfer of information or in other words, validating the source.

Read more
Subscribe with RSS Syndicate content