Solved

Redirect and posting of encrypted information

Posted on 2004-09-07
Last Modified: 2013-12-24
So I have a form that the users fill out, which moves to a verify page that displays the information entered and calculates the costs; then the user is prompted to submit. Upon submit, a page opens with a notification; this page has a cfheader that refreshes after 10 sec. and takes the user to the online payment processor. That all works perfectly; the only problem is that the total amount due is displayed in the URL, and if he edits this total amount, the online payment processor charges the edited value, not the one passed from our site!

How can I do the redirection and send the information so that the user cannot edit it?
Question by:MMsabry
13 Comments
 
LVL 21

Expert Comment

by:pinaldave
ID: 11998196
Hi MMsabry,
You can store your information in the session or application (not preferable) variable before you redirect.
Then afterwards you can retrieve that information on the new page.
You do not have to use URL or form params for that...

Regards,
---Pinal
0
 

Author Comment

by:MMsabry
ID: 11998245
Sorry! The CC processor asks that we send them a URL, something like this:
https://www.cardprocessorname/xxx/xxx/pay?myid=123&total=123&invoiceid=123&
Now I need to hide everything after "pay".
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11998296
Hi MMsabry,
Here you cannot do anything... as it is their page, of cardprocessorname...
and the way they retrieve the stored info... it is up to them... you cannot change anything here..
If this was my page... I might have to stick things in session or even in the url.total param and retrieve them without passing them to the URL... but you can do nothing here... you can talk with them and see what alternative they offer.

Regards,
---Pinal
0

Author Comment

by:MMsabry
ID: 11998374
Hi Pinal,
thanks, I already contacted them and am waiting!! I will keep the question open to see if someone has any ideas!
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 11998432
No problem, let us wait and see what other experts say.
Regards,
---Pinal
0
 
LVL 17

Expert Comment

by:anandkp
ID: 12003462
Have a look at URLEncodedFormat() & URLDecode()
OR
<CFSET mykey = "Anand"><!--- set the key value for encrypt & decrypt --->

Encrypt the contents of the URL by using
#Encrypt(QUERY_STRING,mykey)#
so that users cannot edit the query string

& then later decrypt it as
#Decrypt(QUERY_STRING,mykey)#

hope that helps ...
0
 
LVL 21

Expert Comment

by:pinaldave
ID: 12003570
hello Anand,
That is true, but buddy... the URL is passed to the credit card company... so the user does not have control on the credit card side...
That is what I was saying above... he needs to contact the credit card company...
If we had control on the other side, buddy... I would try to use form variables or something like that...
Otherwise, I respect your idea as always,
Good Day,
---Pinal
0
 

Author Comment

by:MMsabry
ID: 12004111
Here is what the company said:
"
We do support MD5 hash checking so you can verify the integrity of the sale
to prevent this.

The MD5 hash is created as follows.

md5 ( secret word + vendor number + order number + total )"

Now I know what MD5 is and what a hash is; I'm still waiting for them to explain a little more how I should do that, or where on the URL string passed to them this hashed key
0
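The check the processor describes above, as an added example that is not part of the original thread or the processor's documentation, written in Python for illustration. The merchant recomputes the MD5 from the total it stored server-side and compares it with the hash returned with the sale. The parameter names `order_number` and `key`, the two-decimal total format, the hex-case handling and the sample secret are assumptions; `invoiceid` is taken from the URL quoted earlier.

```python
import hashlib
import hmac
from decimal import Decimal

SECRET_WORD = "constructed-secret"   # constructed sample value
VENDOR_NUMBER = "123"                # constructed sample value

def sale_hash(secret_word, vendor_number, order_number, total):
    # md5(secret word + vendor number + order number + total), per the processor.
    # Assumption: the total is rendered with two decimal places ("123.00").
    total_str = str(Decimal(str(total)).quantize(Decimal("0.01")))
    material = f"{secret_word}{vendor_number}{order_number}{total_str}"
    return hashlib.md5(material.encode("utf-8")).hexdigest()

def verify_return(params, stored_totals):
    # params: values received back from the processor (names are hypothetical).
    # stored_totals: {invoice id: total} saved server-side before the redirect.
    invoice = params.get("invoiceid", "")
    if invoice not in stored_totals:
        return False, "unknown invoice"
    # Hash the total we stored, never a total taken from the request.
    expected = sale_hash(SECRET_WORD, VENDOR_NUMBER,
                         params.get("order_number", ""), stored_totals[invoice])
    supplied = params.get("key", "").lower()  # assumption: hex case may differ
    # Constant-time comparison of the two digests.
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "hash mismatch"
    return True, "ok"

def simulate_processor(invoice, order_number, charged_total):
    # Constructed stand-in for the processor: it hashes the amount it charged.
    key = sale_hash(SECRET_WORD, VENDOR_NUMBER, order_number, charged_total)
    return {"invoiceid": invoice, "order_number": order_number,
            "key": key.upper()}

if __name__ == "__main__":
    stored = {"INV-1001": "123.00"}                      # constructed order record
    honest = simulate_processor("INV-1001", "9001", "123.00")
    edited = simulate_processor("INV-1001", "9001", "1.00")  # total edited in URL
    print(verify_return(honest, stored))
    print(verify_return(edited, stored))
```

The order is fulfilled only when the check passes, so a total edited in the URL produces a charge whose hash no longer matches the stored amount.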
 
LVL 17

Accepted Solution

by:
anandkp earned 2000 total points
ID: 12013200
Try using CFHTTP - I think it would solve your issues and you wouldn't have the need to encrypt / hide any information.
0
 

Author Comment

by:MMsabry
ID: 12018128
Hey anandkp,
what you indicated is true, but the problem is: when you first go to my payment processor, you get a page that says the total amount and gives you some options to choose from (e.g. pay by credit card, pay by check, etc.). Now when I click to proceed to the actual payment page, all the information is lost: no total amount, nothing, the whole thing is empty! I think the cfhttp passes the info correctly to the first page, but it is lost afterwards!
Is there any known solution to this?
0
 
LVL 17

Expert Comment

by:anandkp
ID: 12024695
use form submission to pass values via hidden fields to subsequent pages - so that the information is retained.
0
 

Author Comment

by:MMsabry
ID: 12025089
Sorry,
You mean I take the values and put them in a hidden form, or do you mean using the cfhttpparam form and submitting that?
0
 

Author Comment

by:MMsabry
ID: 12025132
To add to that, can one do something like
<cfheader name="refresh" value="10; <cfhttp  method="post" url="https://flkjshfklj"> <cfhttpparam name="1" type="formfield" value="xyz"></cfhttp>">

The idea is to still be able to display the page, then redirect after 10 seconds, and still use the cfhttp.
Is there another way?
0

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever sent email via ColdFusion and thought of tracking this mail to capture the exact date and time when the message was opened ?  If yes, then this article is for you ! First we need a table user_email with columns user_id , email , sub…
Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question