tags:

views:

75

answers:

4
+1  Q: 

how do I use "server side code" to hide sensitive data from browser view?

In setting up a SSL payment page for online sales it is suggested by the merchant services company that the sensitive data (i.e., merchant credentials, ID and SSL pin, etc) be hidden with the use of Server Side Code. I have been unable to find, after hours of searching, a comprehensive definition of server side code and how it could be used for this purpose. Don't care if the customer views the rest of the code, just want to hide a section. Have seen something that says 

<script runat="server">

that looks like the phrase I need, but where do I put it in my block of code? I have

<form action="https:www.mmmmmmm.com/vvvvvvv/process.do method="post">

and then 10 lines such as

<input type="hidden" name= "ssl show_form" value="true">
<input type="hidden" name="ssl_pin" value=hhhhhh">

Please help.. and I am very new to this, so keep it simple? Thanks!!

+1  A: 

Anything between the <?php ?> tags will run server-side. For example:

<?php

 echo "hello from the server!";

?>

This code will not be visible to a user - they will only see any output that you generate inside these tags using print, echo, if-else around HTML blocks, etc.

Justin Ethier  2010-02-19 20:53:44
wow, that worked and it was SO simple! Thanks a million!
Pam  2010-02-19 21:04:46
Pam, this problem is not as simple as you think it is. Echoing inputs and other values in between PHP tags will not hide them from anyone. I think that your payment processor (and it *would* help to know who it is) wants you to make the submission entirely on the server — which means that you need to know much more about PHP (or whichever language you're using) than this.
Sidnicious  2010-02-19 21:20:56
Usually the payment provider also provides documentation to developers with code samples about how to carry out financial transactions in PHP and other popular server-side languages.
John K  2010-02-19 22:16:19
+1  A: 

Think your Merchant Services don't want you including fields such as your "ssl_pin" in the HTML; so all customers can see it.

You'll have to choose and implement a method of storing the details you want hidden on the server, and combining these secret details with the submission of the correct form once the form gets submitted.

Matt  2010-02-19 20:58:01
A: 

You need to use some server side language like php, asp.net, ruby... with that then your page should post back its values to your server side page/webservice and then that will handle talking to your merchant services' site.

jamone  2010-02-19 21:03:06
+1  A: 

I suggest you look into using PHP Sessions and store these values in the $_SESSION array. Session value keeps with the user, even when they go to another page, and it's stored server side.

But keep in mind in the US you MUST follow US PCI security requirements, which means you CAN NOT store things like credit card numbers, so make sure your server's PHP session timeout is short, like 5-15mins, and also don't store these values in a database either.

TravisO  2010-02-19 22:13:34

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases