Sourceofarticles.com Menu
Newest Articles
Most Viewed Articles
Sourceofarticles.com RSS
Submit Article
Login
Signup
Search the articles

Articles Main Categories
Advice
Animals
Automobiles
Business
Career
Communications
Computer Programming
Computers
Entertainment
Environment
Family
Fashion
Finance
Food
Health & Medical
Home & Garden
Humor
Internet Business
Internet Marketing
Legal
Leisure & Recreation
Marketing
Other
Politics
Reference & Education
Religion
Self Improvement
Sports
Technology & Science
Travel
Writing
Subscribe
Receive alert message from us when new articles submitted to our site for free.

Enter your name

Enter your email

Syndicate

















Related Products
Home::CGI

How to Stop Digital Thieves with CGI

Author : Steve Humphrey

I'm going to assume you're serious about your business. If
you're not, I can't help you anyway. You've gone as far as
getting a real merchant account to accept credit card payments
online.

You know that this was neither easy or cheap. So does everyone
else! So, a merchant account shows that you've made a serious
commitment to your business. That's good for customer
confidence, which is good for business. So far so good...

Now there's the issue of selling stuff to people online. Your
order form leads them to feed their credit card info to a secure
gateway, using software you bought or leased from (or through)
your merchant account provider. Finally, the transaction is
approved or denied.

If approved, the software generates a receipt and emails you and
the customer each a copy. At this point, the customer is
returned to a page you specified. In the case of downloadable
products, this is often the page where they download your
product. So, you've got the entire process fully automated.

For a product or service with a fairly low price point and a
potential for many thousands of sales, this seems ideal. You can
quite literally make sales and earn income 24 hours a day. So,
what's the problem?

The form code on your order page is the problem. If someone uses
the ViewSource function of their browser, they can see all your
code. If they have even a tiny bit of initiative and skill, they
can locate the URL of your download page. After all, it's right
there in your form code!

CGI provides two ways of fixing this problem. One involves using
a script that makes it impossible to view the source code. You
can find a source for such a script by searching the web. Expect
to pay a lot for this technology.

Another way is to make the return path a script instead of the
actual download location. The script would be used to create and
display the download page. It would not be visible to the
surfer, since it's not an HTML document. The script can also
record details of the transaction for book-keeping purposes.

I admit that I discovered this by trial and error - and a lucky
guess or two. Your merchant account gateway software may have
radically different behavior than mine, but here's what I've
learned:

The gateway uses the POST method to send the customer to your
specified return URL (which can be a script as well as a web
page). It also POSTs most of its input data items at the same
time. They are usually ignored, but your script can read them if
you want to!

Use the names given to the form inputs. Have your script extract
the values of these "named parameters" at the time it creates
the download page. Record what you want to save about the
transaction in your orders file or database.

Now here's the real secret to foiling the thieves. Inside the
script, check to see that the variables you extract contain
non-empty values. Did you get that? Here's an example:

if ($email eq "") {exit;}

In this example, the script expects to get an email address. If
it contains no characters, the script quits instantly. By
testing for the presence of some data in such fields as customer
name, email address, item #, price, etc., you can tell whether
the script was called after a successful transaction - or by a
thief...

Put all your security checks prior to the code that creates the
download page. If any test fails, the script exits and the thief
is left empty- handed. If your form-handling script can convert
a product name to a product ID that's never visible to a
browser, this provides even more security. This will be POSTed
back to the script and you can check for it before allowing the
download.

Close these security holes and you'll make more money. You may
even sleep a little better knowing that people can't steal that
product you worked so hard to create. I know I do!


Related articles


  1. 5 CGI Scripts You Must Use to Turn Your Site Into a Powerhouse
  2. Clever Profit Growth Software
  3. Why Aren't You Using CGI
  4. Use CGI to Automate Your Web Site
  5. CGI: What the Heck Is That?
  6. CGI Security Issues
  7. How to Stop Digital Thieves with CGI
  8. Quick Intro to PHP Development
  9. Better Writing: What Works and What Doesn't
  10. Password Protection and File Inclusion With PHP
  11. Autoresponders With PHP
  12. Track your visitors, using PHP
  13. PHP On-The-Fly!
  14. PHP and Cookies; a good mix!
  15. Screen scraping your way into RSS
  16. Mastering Regular Expressions in PHP
  17. ASP, CGI and PHP Scripts and Record-Locking: What Every Webmaster Needs To Know
  18. Open Source Scripts
  19. this is a test
  20. An Extensive Examination of the PHP:DataGrid Component: Part 1
  21. PHP:Form Series, Part 1: Validators & Client-side Validation
  22. Design an Online Chat Room with PHP and MySQL
More related feeds
How+to+Stop+Digital+Thieves+with+CGIhttp://blogsearch.google.com/blogsearch_feeds?hl=en&q=How+to+Stop+Digital+Thieves+with+CGI&ui=blg&ie=utf-8&num=10&output=rsshow to stop digital thieves with cgi
people type (or paste) in their address, maybe even their name (if you ask for it). when they click the “subscribe” button, cgi sends a message to the server with all the data attached. a cgi program on the server then acts on it. ...

how to stop digital thieves with cgi
cgi provides two ways of fixing this problem. one involves using a script that makes it impossible to view the source code. you can find a source for such a script by searching the web. expect to pay a lot for this technology. ...

BlogTalkRadio - Willie Crawford Teaches REAL Internet Marketing ...
"It's time for hotlinkers and digital thieves to stop profiting at the expense of hard-working online merchants and producers of digital merchandise," Bontrager said. "Users of HotlinkALARM have an advantage over the pirates," ...

how to stop digital thieves with cgi.
learn to use cgi to stop digital thieves.

how to stop digital thieves with cgi
by steve humphrey - for a product or service with a fairly low price point and a potential for many thousands of sales, this seems ideal. you can quite literally make sales and earn income 24 hours a day. so,...

how to stop digital thieves with cgi
(skynewswire.com) i'm going to assume you're serious about your business. if you're not, i can't help you anyway. you've gone as far as getting a real merchant account to accept credit card payments online. ...

What to Pack When Traveling With Your Mac - O'Reilly Digital Media ...
Device-specific USB cables Required when heading out on a longer trip, as you will want to transfer photos from your digital camera or phone to your Mac for editing or backups, or synchronize your iPod with updated podcasts. ...

how to stop digital thieves with cgi
smallbusinessbrief.com - put all your security checks prior to the code that creates the download page. if any test fails, the script exits and the thief is left empty- handed. if your form-handling script can convert a product name to. ...

how to stop digital thieves with cgi
forum: computer security posted by: linda post time: 12th august 2005 at 10:21 pm.

Paylock Generator - CashLoopholes
Quality Software That Provides SO Much Convenience You'll Wonder How You Ever Got By Without It. PLUS You Get Premier Encryption That Will Stop Cyber-Thieves In Their Tracks!" PayLock Generator will allow you to create encrypted PayPal ...

 

 

2008 sourceofarticles.com - All Rights Reserved