We have been using ServerXMLHTTP to send HTTPS POSTs for credit card processing. Recently one of our users experienced a problem resulting in the error "An internal error occurred in the Microsoft Windows HTTP Services". The problem was resolved by updating IE. Now the user is claiming that our use of "internet explorer dll's" is a security problem. Of course, I know that the issue is with the MS XML Core Services. So my question is... is it safe to use MS XML Core Services, particularly the ServerXMLHTTP object, to send HTTPS POSTs?

A: 

ServerXMLHTTP uses WinHTTP (not an IE DLL), which for SSL in turn uses Windows services to create a secure socket. You may as well be asking "Are Windows secure sockets safe?". I'm not sure exactly how far down the network stack the code in other browsers reaches, but I suspect many of them still rely on the underlying operating system for this level of service.

Is it safe? Of course the answer "yes" will elicit stories or examples where it is not. Is it safe enough (conditional on the client machine having not been itself compromised in some way)? Yes.

AnthonyWJones
+1  A: 

As much as I dislike such things, since you're dealing with users' credit cards, it might be advisable to deny them from submitting their information on too-outdated browsers. This will prevent such scenarios in the future, helping to protect you from possible litigation, and has the added benefit of protecting your users, on your site and others.

In my experience working IT for a few years, the biggest thing you can do to protect your computer is to keep it up to date - far more important even than antivirus or firewall protection*.

*Obviously, they're still very important, don't get me wrong.

dimo414