Quote:
Originally Posted by djscrib
I realize it's still being built but here's a feature request to consider. Your XMLPay interface allows you to do raw transactions, but requires that the username/password for the account be passed in XML.
To increase security, what about generating a random security key (a GUID would work fine) for each account and passing that instead? Users could reset their security key whenever they wanted.
This way if the data sent was ever captured, the "hacker" would wind up with an API key, and the only damage they could do with it is bill their own credit card account basically. They couldn't log into a user's account and withdraw money.
Also, it would allow you to give the key to a 3rd party shopping cart provider to perform transactions on your behalf, without worrying about them logging into your account and stealing your shit.
The XML API is over SSL on our side; this means that even if the stream is intercepted by a "hacker" during its transit, the contents would be encrypted anyway. Using SSL encryption means that if the stream were to be intercepted, the person intercepting would require private keys to be able to decode the information, and consequently the passed username and password. This could potentially take years to crack and, during that time, we'd hope that your passwords would be updated for your own security reasons.
This is certainly a feature we could implement, or even issuing private key pairs to establish direct secure connections to us rather than using SSL over HTTP... but we feel HTTPS does cover the requirements for security in this case. If this is something that does really concern you, though, we'll be happy to discuss it further and try to come up with a solution that fits better with your needs.
__________________
I seo'd my hair yesterday and today it's pr7!
RIP Texas Dreams

Are you a content producer or program owner sick of tube sites? Contact me on ICQ: 39-183769
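The scheme proposed in the quoted post (a random, resettable per-account key that can submit transactions but cannot log in or withdraw), sketched as an added example. It is not code from either poster or from the XMLPay interface; `AccountStore`, the `sale` and `withdraw` action names and the account id are hypothetical.

```python
import hashlib
import hmac
import secrets

# Hypothetical scope: the key may submit charges but never reach account functions.
KEY_SCOPES = frozenset({"sale"})


class AccountStore:
    """In-memory stand-in for the processor's account table (constructed for this example)."""

    def __init__(self):
        self._key_hashes = {}  # account_id -> SHA-256 hex digest of the current API key

    def issue_key(self, account_id):
        """Create or rotate the account's key; any previously issued key stops working."""
        key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._key_hashes[account_id] = hashlib.sha256(key.encode()).hexdigest()
        return key  # shown to the merchant once; only the hash is stored

    def authorize(self, account_id, presented_key, action):
        """Return True only if the key matches and the action is within the key's scope."""
        stored = self._key_hashes.get(account_id)
        if stored is None:
            return False
        presented = hashlib.sha256(presented_key.encode()).hexdigest()
        if not hmac.compare_digest(stored, presented):  # constant-time comparison
            return False
        return action in KEY_SCOPES


def demo():
    store = AccountStore()
    old_key = store.issue_key("merchant-1001")  # constructed account id
    results = {
        "sale_with_key": store.authorize("merchant-1001", old_key, "sale"),
        "withdraw_with_key": store.authorize("merchant-1001", old_key, "withdraw"),
    }
    new_key = store.issue_key("merchant-1001")  # merchant resets the key
    results["sale_with_old_key"] = store.authorize("merchant-1001", old_key, "sale")
    results["sale_with_new_key"] = store.authorize("merchant-1001", new_key, "sale")
    return results


if __name__ == "__main__":
    print(demo())
```

Storing only the hash means a leaked account table does not expose usable keys, and the scope check is what keeps a key handed to a third-party cart from reaching login or withdrawal.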