https://www.webmaster-forums.net/crss/node/1031935 en https://www.webmaster-forums.net/serverside-scripting/scripting-security#comment-1186970 <p>In the area of taking payments, my thought is use free stuff to learn how to write your own code.</p> <p> I did that on our site, from the login, to the credit card processing to the encrypting of the credit cards to be stored in a database, and the recurring payment processing.</p> <p> These areas were too critical to just put up a canned script. I wanted to make sure I knew what it was doing, and in looking though the code, you learn it enough to write your own customized code. This is my personal preference though, I prefer to know it inside and out.</p> <p> Now if you do opt to use a canned script, either free or paid, I suggest at least going through and changing things like the name of input fields, or aything else that may give people a clue as to what script you are using. As an example, as seen discussd on here before, there has been issues of people putting up a canned guestbook, only to find down the road, someone is using a script to mass post in their guestbook. Someone has a script that knows what information to feed the canned guestbook script to get the data in there. (ie, knows the field names on the form).</p> <p> Again, my prefered method is to custom write my own, but if you do not have the option, do as much as you can to prevent anyone browsing the site from knowing which &quot;canned&quot; scripts you are running in case a security issue were to be known. (ie now that you posted on here which scripts you used, i would recommend against posting your site's address).</p> <p> Keep in mind though I have had a few people tell me I go overboard on security <img src="https://www.webmaster-forums.net/misc/smileys/smile.png" title="Smiling" alt="Smiling" class="smiley-content" /></p> <p> -Greg</p> Fri, 02 Dec 2005 21:41:42 +0000 Greg K comment 1186970 at https://www.webmaster-forums.net