Authorize.net consumes my response_url, which is on HTTP, into their HTTPS hosted dll. How can I specify that their dll should be on HTTP, so that my CSS and JS files get pulled in correctly?
I don't have a way of getting access to an SSL host at the moment.
Edit: First, we send from HTTP to their HTTPS hosted form. On their server. Then, their server consumes our HTTP page and dispalys it in their HTTPS response dll.
I only want their response_dll to be on HTTP. I don't see a security issue with that, and imagine there is a way to do this, as their service offering is meant for people without SSL enabled.
Edit2: I'm using their Simple Checkout API.
Answering my own question, based on some advice to contact tech support directly. I did, and their response was:
"We can only relay the html content. We do not offer to relay other content such as images. It is necessary that any images you want to include are hosted using https."
Edit --
I attempted to include a single logo image as a base64 string inside a static html page. That failed with a "script timeout". I speculate this is due to the size of the html file after using that string.
This is a total failure on the part of Authorize.Net
Related
I am working on a scraping project to extract web data from a website. I have made a script to go through URLs and parse HTML contents and get the structured content into my database.The script was working fine,but recently the script got stuck and on investigation it was found that the target site is blocking our IP.
I am using PHP / CURL for this project,now I am getting a 403 error - Access Forbidden, error on a web request.
This has affected the working of my script,no pages could be retrieved from web request,every time I am getting an access restricting error.
I know there are lot of scraping etiquette's to be followed.Since we can't foresee how they had implemented the security features,I was confused on normalizing the web request calls.
I'm working on an amazon AWZ instance with an elastic IP,hence I am confused on when/whether they would lift the ban on my IP.
I have heard of rotating proxy methods to be used with scraping,such that the target server won't block you often.But I'm not sure about it's implementation.
Any help would be highly appreciated.I could provide any additional information if necessary.
sign in to the site to get an API id.
if you send a request to the site with API id and URL. it will send a request to the required URL with a random API and return a response.
just sign in and try it
signup
I want to make php script that replace the execution of this kind of a link:
YM! Iron Man
So when the php script is called/executed, it will open Yahoo Messenger application window that prepared to send IM to tonystark.
Can I use header instead? but what type of header it would be?
The ymsgr is a custom protocol that is configured to start Yahoo Messenger, which is able to parse appropriate parameters following the ":".
This question (how do I create my own URL protocol?) may be relevant as it shows how it is possible to add custom URL protocols. The example is for Windows only but it must be a similar approach for other operating systems.
To make a story short, ymsgr: opens Yahoo Messenger because your system can recognize it and that Yahoo Messenger is its associated action.
The ymsgr in the link is a predefined protocol on your PC. Just like http, https and ftp are protocols known to your system. If you want to create custom protocols to be handled by the pc of your visitor, you must have them install something that will add the protocol to the system. Only then will the pc know what to start.
A good example of a non-standard installed protocol is skype. The links to add a user to your skype or chat with them only works if the visiting person has Skype installed. Otherwise an error occurs on the computer; "I don't know this protocol, what to do?"
So using a header to replicate the link will not work. Simply because your PC will not understand a header; it will only understand links to protocols, as if you are opening a page (http,https), email application (mailto), ftp programme (filezilla, unless handled by browser) etc etc.
SSL is installed to my VPS correctly. I want to use ssl in some pages of my website. Every form in these pages are starting with "https://", too. But browsers don't accept it.
What are the possible reasons?
There may be a number of reasons. Last time I got it on my site was when I was using an iframe with external content and a flash widget loaded via an external javascript. Both were accessed via HTTP and messed my site's trustworthiness.
So. Check all your external content: javascripts, widgets, iframes, images, stylesheets... You may be loading them via HTTP, which in turn may make Chrome claim the SSL certificate has a problem.
I would try checking it via something like this first : http://www.sslshopper.com/ssl-checker.html
You might also try running curl -verbose https://yourlink.com from the console in order to get detailed printout of where the hiccups are.
I'm developing a project using Javascript, PHP and OpenLayers. A lot of maps are loaded using and HTTPS connection against an external OGC server.
When I try to load the map using HTTPS, they doesn't load (instead of, they show me an "Error loading the map, try again later").
I think that the problem is because of Digital Certificate. If I load directly from the server (using a WMS call) like this (look the last parameter):
https://serverurl/ogc/wms?service=WMS&version=1.1.0&request=GetMap&layers=ms1:lp_anual_250&styles=&bbox=205125.0,3150125.0,234875.0,3199875.0&width=306&height=512&srs=EPSG:4326&format=application/openlayers
The browser ask me for my authorization to see it. If i accept the Digital Certificate, I can see the map. After that, and because of my browser now accepts the certificate, I can see my own map from my own application.
So, the question is: Is there any way to ask for the Digital Certificate mannually when the user access to my web?
Thanks in advance!
PS: solutions using PHP are welcome too because I'm using CodeIgniter to load views
You could try opening the WMS URL in a div or perhaps a hidden iframe - that may cause the browser to pop up its 'Unknown cert' dialogue.
Im going to quote another user (geographika) from gis.stackexchange. I hope can help to someone with my issue:
You can use a proxy on your server so
all client requests are made to your
server, which deals with the
certificate, gets the request and
passes it back to the client. For PHP
have a look at
http://tr.php.net/manual/en/function.openssl-verify.php
If you are also using WMS software
(MapServer, GeoServer) you could
implement the same technique using a
cascading WMS server.
For details on how to do this in
MapServer see
http://geographika.co.uk/setting-up-a-secure-cascading-wms-on-mapserver
How would you use https ?, would sending information via GET and POST be any different while using https ?
Any information and examples on how https is used in php for something simple like a secure login would be useful,
Thank you!
It will be no different for your php scripts, the encryption and decryption is done transparently on another layer.
Both GET and POST get encrypted, but GET will leave a trace in the web server log files.
HTTPS is handled at the SSL/TLS Layer, not at the Application Layer (HTTP). Your server will handle it as aularon was saying.
SSL and/or HTTPS is used to provide some level of confidentiality for data in transit between the web users and the web server. It can also be used to provide a level of confidence that the site the users are communicating with is in fact the one they intend to be.
In order to use SSL, you'll need to configure these capabilities on the server itself, which would include either purchasing (an authority-signed) or creating (a self-signed) certificate. If you create your own self-signed certificate, the level of confidence that the site is the intended one is significantly reduced for your users.
PHP
Once your webserver is able to serve SSL-protected pages, PHP will continue to operate as usual. Things to look out for are port numbers (normal HTTP is usually on port 80, while HTTPS traffic is usually on port 443), if your code relies on them.
GET & POST Data
Pierre 303 is correct, GET data may end up in the logs, and POST data will not, but this is no different than a non-SSL web server. SSL is meant to protect data in transit, it does nothing to protect you and your customers from web servers and their administrators that you may not trust.
Secure Login
There is also a performance hit (normally) when using SSL, so, some sites will configure their pages to only use https when the user is sending sensitive information, for example, their password or credit card details, etc. Other traffic would continue to use the normal, http server.
If this is the sort of thing you'd like to do, you'll want to ensure that your login form in HTML uses a ACTION that points to the https server's pages. Once the server accepts this form submission, it can send a redirect to send the user back to the page they requested using just http again.
Just ensure you're sending the correct headings when allowing files to be downloaded over ssl... IE can be a bit quirky. http://support.microsoft.com/kb/323308 for details of how to resolve