dadamssg87 Posted July 21, 2011 Share Posted July 21, 2011 This may be a long shot but is there a way to configure your server to disable certain POSTs? I'm working with the Authorize.net SIM API which after a successful transaction you can get authorize.net to POST data to a particular web page. The POST sends back customer name, amount of transaction, date, billing information, shipping information, and it also post back the credit card like so "XXXXXXXX3043". To limit my exposure to any kind of credit card information i'd rather just disable the $_POST['x_card_number'] that gets posted. Is that possible? Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/ Share on other sites More sharing options...
TeNDoLLA Posted July 21, 2011 Share Posted July 21, 2011 Yes it is possible. Modify the code that sends the POST variables to not send the not wanted POST variables. Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245526 Share on other sites More sharing options...
dadamssg87 Posted July 21, 2011 Author Share Posted July 21, 2011 i can't modify authorize.net's code... Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245533 Share on other sites More sharing options...
TeNDoLLA Posted July 21, 2011 Share Posted July 21, 2011 Don't think it is possible to prevent it then from posting. I am not really familiar with that API, but maybe there is some settings you could define how it will respond ? Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245535 Share on other sites More sharing options...
Adam Posted July 21, 2011 Share Posted July 21, 2011 POST data is just sent as a simple sting to the web server. Plus you can't "conditionally deny a request" without the server having received it. What are you going to do with the last 4 digits though? It's sent that way purposefully to make it useless. Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245545 Share on other sites More sharing options...
dadamssg87 Posted July 21, 2011 Author Share Posted July 21, 2011 Absolutely nothing. I only want to store Customer name, transaction ID, and the amount but since the POST has cardholder data, that requires my server and code to be PCI compliant...which is a headache. Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245746 Share on other sites More sharing options...
phpSensei Posted July 21, 2011 Share Posted July 21, 2011 Absolutely nothing. I only want to store Customer name, transaction ID, and the amount but since the POST has cardholder data, that requires my server and code to be PCI compliant...which is a headache. Who else will be able to see POST['x_card_number']? I dont see the security issue here. Link to comment https://forums.phpfreaks.com/topic/242503-disable-certain-posts/#findComment-1245789 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.