X-Cart: shopping cart software

X-Cart forums (https://forum.x-cart.com/index.php)
-   Third Party Add-Ons for X-Cart 4 (https://forum.x-cart.com/forumdisplay.php?f=45)
-   -   Authorize.net DPM (PA/DSS Compliant) (https://forum.x-cart.com/showthread.php?t=57792)

BCSE 04-14-2020 10:51 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Quote:

Originally Posted by snowman99
Hi Carrie,

We are using your Authorize.net Accept.js module and I'm wondering which SAQ to use. There is a new one this year called SAQ (A-EP). It is very similar to SAQ (A) that your module recommends. Do you have an update as to which SAQ to use?

Thanks,
Vaughn



Based upon the FAQ I'm seeing, for example on this web page:
https://www.securitymetrics.com/blog/saq-ep-what-and-how

It does seem that the SAQ (A-EP) makes sense.

I hope that helps! Feel free to email us if you have more questions!

thanks,

Carrie

cflsystems 08-13-2020 02:05 PM

Re: Authorize.net DPM (PA/DSS Compliant)
 
A word of caution here. The module encrypts the keys entered in admin - all 3 of them. But it does not add anything to the blowfish regeneration process.
So once you setup the module it will encrypt its settings with current blowfish key but if you then regenerate the blowfish key module settings will not be recrypted. Then all attempts to checkout with CC using this module will fail until the settings are re-entered and saved in admin.

Carrie you should look into this and revise the module. I had to get creative to get it back working on a client's site today as he did not have all the info saved somewhere else.

For anyone else the way I solved it was to modify the bcse decrypt function in the module and pass to it the old blowfish key - which you can get from config.php or the backup of the file.
The settings then properly populated in admin and resave encrypts them with the new key.

Don't forget after that to undo changes to the bcse decrypt function.

BCSE 08-17-2020 10:41 AM

Re: Authorize.net DPM (PA/DSS Compliant)
 
Yes blowfish reencryption can mess up several things. We usually just don't recommend doing it as it's just a false sense of security updating it. We've seen sites come completely crashing down because of the amount of orders, etc that has to be redone overloading the server, making it crash and making the reencryption process die mid way, so that some things are encrypted with the new key and some with the old, etc.

Carrie


All times are GMT -8. The time now is 12:44 AM.

Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.