Guest Posted February 23, 2003

That's interesting, byunkook... The user authentication failed normally implies that your PartnerID, VendorID, UserID, or Password is incorrect. I have the same VendorID as PartnerID; I do not know if this is the same for others. Are the test transactions showing up in the verisign manager with the pfpro_file.exe? If so, that's cool.

Additionally, I've thought of a method to enhance security pertaining to the previous discussion with Jazz. I think I can write out an XML file containing all the pertinent information, then remove the file (this way, the data would not be viewable from a "ps" command). However, there is the fact that a file will exist for that timeframe with cc data. At any rate, I may add that enhancement next.
jazz Posted February 23, 2003

(Sometimes the problem with written language is that the tone of voice cannot be properly expressed :)). When I'm learning I ask questions. I appreciate the time you spent on working on this contribution and answering my questions. I in no way meant to accuse you of "opening security holes" or wanted to start a "security debate", and if it sounded like that I sincerely apologize :huh:.

I'm just trying to understand the inner workings of payflow and have had a hard time finding this kind of information from verisign or the PHP, *nix documentation, etc. I'm trying to gauge the level of risk there is with various systems under various conditions and then make a determination on what I'm willing to do. Basically: What is the most secure Payflow Pro setup in a shared environment (where some users may obtain SSH)? And is the most secure option in this environment an acceptable risk (i.e. would I be negligent in using that kind of system)?

Once again, I apologize if you felt attacked. :huh:

p.s. Though you are incorrect in stating that "any shared environment" is capable of being compromised. Sorry, statement was actually a question and I'm thinking of any shared environment where others could have SSH access. (notice the 'possible').
Guest Posted February 23, 2003

Jazz, Good points. I in no way feel attacked and do apologize if I came on strong... I just despise security issues when the developers are accused when the majority of security breaches I've seen were the sole responsibility of the System Administrator (my comment on the security of the server being paramount to the security of the code). You are correct in your pursuit of security as it is a constant concern for all on the internet.

I believe Verisign's solution to the "ps" question is their pfpro-file transmission that requires a small XML parser to be written to transmit and receive credit card transactions. I believe that will be my next enhancement.
byunkook Posted February 24, 2003

What I meant by working is the website, not the test transaction. I don't see the test transaction in the verisign manager. I guess I have to use the pfpro.exe with the right input in the fields. My input in the fields for the testing is:

PayflowPro Host Address: test-payflow.verisign.com
PayflowPro Host Port: 443
PayflowPro Transaction Type: S
PayflowPro Transaction Tender: C
PayflowPro Partner: actual partner name that I put in when I log in to verisign manager.
PayflowPro Vendor: arttest&PARTNER=VeriSign
PayflowPro User: actual user name that I put in when I log in to verisign manager.
PayflowPro Password: actual password that I put in when I log in to verisign manager.
PayflowPro Transaction Timeout: 45

I have no proxy server. Can you correct me if my inputs are wrong? Thank you.
jazz Posted February 24, 2003

Posting while I was writing... I think it's a great idea, Marshall. I've been on the web/IRC all day trying to find out how big of a risk it is. Some said that the PHP pfpro functions may not show up in ps... Basically conflicting information. I was trying to think of a way to encrypt the parameters sent to the executable... :tellme:?

Either way I think the XML file idea is a good one. :thumbsup: Even better if that file were somehow encrypted so that if anybody did have access to that file they would still have to crack the encryption.

Just now somebody suggested a kernel parameter which prohibits users from listing other processes other than their own. Don't know if this is available for Red Hat servers (I run FreeBSD at home but most servers are Red Hat).
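The "ps" concern raised in the posts above, shown as an added example (not part of the original thread, and not VeriSign's or the contribution's code): a child started with card data on its command line exposes it through /proc/<pid>/cmdline, which is what ps reads, while an owner-only temp file keeps it out of the process list for as long as the file exists. The child here is a stand-in sleeper rather than pfpro, the card number and XML layout are constructed, and a Linux /proc is assumed.

```python
import os
import stat
import subprocess
import sys
import tempfile

CARD = "4111111111111111"  # constructed test number, not real card data
# Stand-in for the payment client: a child that only stays alive briefly.
# It is NOT pfpro and does not model pfpro's real arguments.
CHILD = [sys.executable, "-c", "import time; time.sleep(3)"]


def visible_argv(pid):
    """Return the argument vector /proc exposes for pid (readable by other users by default)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return fh.read().decode().split("\0")


def run_with_argv():
    """Weak form: the card number is passed on the command line."""
    proc = subprocess.Popen(CHILD + [f"ACCT={CARD}"])
    try:
        return visible_argv(proc.pid)
    finally:
        proc.kill()
        proc.wait()


def run_with_file():
    """File form: data goes into an owner-only temp file; argv carries only the path."""
    fd, path = tempfile.mkstemp(prefix="txn-", suffix=".xml")  # created 0600 with O_EXCL
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(f"<txn><acct>{CARD}</acct></txn>")  # constructed layout
        mode = stat.S_IMODE(os.stat(path).st_mode)
        proc = subprocess.Popen(CHILD + [path])
        try:
            argv = visible_argv(proc.pid)
        finally:
            proc.kill()
            proc.wait()
    finally:
        os.unlink(path)  # the window in which card data sits on disk ends here
    return argv, mode, os.path.exists(path)


if __name__ == "__main__":
    print("argv form:", run_with_argv())
    print("file form:", run_with_file())
```

The file form trades process-list exposure for a short on-disk window, so the 0600 mode and the unlink in the `finally` block are what limit who can read the data and for how long.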
Guest Posted February 24, 2003

byunkook, My Partner name is Verisign (I use them). My Vendor name is the same as my User name which I put into the verisign manager. If you are set up like me, you will need to put Verisign into the Partner name field and your username into the Vendor and User fields. Let me know if this works for you.
dreamhost Posted April 15, 2003

I am having similar problems. I am running this script on linux. I can run the test connection successfully, receiving the 0 response from the command line.

If I put the final config to PayflowPro Executable /verisign/linux/bin/pfpro and run a transaction, I get an error connecting to host.

If I put the final config to PayflowPro Executable /verisign/linux/bin/pfpro-file, I get no error and it says all went through; however, when I check through the verisign manager the tests don't show up.

Any ideas? Thanks in advance.
rgcote Posted May 3, 2003

I'm really new at this so maybe I'm missing something obvious, but when I installed the fix you posted, I got the following error when I went into the admin module:

Fatal error: Cannot redeclare pfpro_init() in /var/www/html/includes/functions/php_pfpro.php on line 61

I grep'ed through the code and pfpro_init is only declared in one place. Any clues?
brandblast Posted July 18, 2003

Can anyone help me install the payflow pro sdk? I'm not sure how to get the sdk set up on my shared linux box.
corvidean Posted July 24, 2003

I had that "cannot redeclare pfpro_init()" problem too. Then I found out that PHP had been recompiled to include the pfpro functions. I removed the one include of php_pfpro and it worked. Well, now I'm getting unexplained decline errors, but that's something else.