Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
Hi PerlMonks,
I have developed a small script to interface with my authorize.net merchant account to take one-time payments - I am concerned with security and I just want to seek the comments on good secure programming practices.
The snippet of the script which actually posts the data to authorize.net is from a perlmonks node, it uses Net::SSLeay. As it is a one-time fee no cc data is stored - I know that would add a new dimension to the security of the number.
The file is also run under a shared SSL cert on my local server. The only security risk I can see would be if a hacker gained access to my system and altered my code to do something with the cc transactions.
Anyway, that's a brief overview of what I have done - I just wanted to see if there are any hints or tips people can give me, or any good reads on credit card transactions.
You should consider the possibility of spoofed responses appearing to come from the authorization server. That could happen during DoS attacks on them, or a man-in-the-middle attack on you. It's not a CGI security matter in the narrow sense, but it certainly matters to the merchant.
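
One way to fail closed on the spoofed-response concern raised in the reply, as an added example that is not part of the original thread or the poster's script. It uses HTTP::Tiny with certificate verification rather than raw Net::SSLeay calls, and the gateway URL, reply delimiter and field order are hypothetical placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTTP::Tiny;

# ASSUMPTIONS (not from the thread): the gateway URL, the '|' delimiter and
# the field order code|txn_id|amount|invoice are hypothetical placeholders.
my $GATEWAY = 'https://gateway.example/transact';

# Send the request over TLS with certificate and hostname verification on.
# HTTP::Tiny reports connection and TLS failures as status 599.
# (Defined for completeness; the offline demo below does not call it.)
sub post_payment {
    my ($form) = @_;
    my $http = HTTP::Tiny->new(verify_SSL => 1, timeout => 30);
    return $http->post_form($GATEWAY, $form);
}

# Fail closed: the payment counts as approved only if the transport
# succeeded AND the reply echoes the amount and invoice we actually sent.
# The echo check catches a reply that does not belong to this request.
sub check_response {
    my ($sent, $res) = @_;
    return (0, "transport failure: $res->{status}") unless $res->{success};
    my @f = split /\|/, ($res->{content} // ''), -1;
    return (0, 'malformed reply') unless @f == 4;
    my ($code, $txn, $amount, $invoice) = @f;
    return (0, 'invoice mismatch') unless $invoice eq $sent->{invoice};
    return (0, 'amount mismatch')
        unless $amount =~ /^\d+\.\d\d$/ && $amount eq $sent->{amount};
    return (0, 'declined') unless $code eq '1';
    return (1, "approved, txn $txn");
}

# Constructed sample replies, shaped like HTTP::Tiny results, so this runs offline.
my %sent = (amount => '25.00', invoice => 'INV-1001');
my @samples = (
    { success => 1, status => 200, content => '1|T123|25.00|INV-1001' },
    { success => 1, status => 200, content => '1|T124|25.00|INV-0999' },
    { success => 1, status => 200, content => '1|T125|0.01|INV-1001' },
    { success => 0, status => 599, content => 'SSL connect attempt failed' },
    { success => 1, status => 200, content => 'approved' },
);
for my $res (@samples) {
    my ($ok, $why) = check_response(\%sent, $res);
    printf "%-8s %s\n", ($ok ? 'ACCEPT' : 'REJECT'), $why;
}
```

Only the first constructed reply is accepted; a failed TLS handshake, a malformed body, or a reply for a different invoice or amount is treated as not paid.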