[bop-devel] AuthorizeNet MD5 Check

Jason Hall jayce at lug-nut.com
Thu Sep 27 09:40:35 PDT 2007


On 9/27/07, Bill Moseley <moseley at hank.org> wrote:
>
> On Thu, Sep 27, 2007 at 07:26:57AM -0700, Bill Moseley wrote:
> > That is if one did:
> >
> >     $tx->amount( $amount );
>
> Sorry, that's suppose to be:
>
>     $tx->content(
>         amount  => $amount,
>         ...
>     );
>
>
> >     $tx->submit;
> >
> > Then it's possible that $tx->amount ne $amount, although they may be
>
> Again there.
>
>
> > equal in value ( == ).  See the AIM docs on how it might be
> > reformatted.
> >
> > I don't see that as a problem, but another option would be instead
> > use a different accessor name:
> >
> >
> >     $self->returned_amount( $col[9] );  # save "amount" from response.
> >
> > so there's no risk of clash.
> >
> > Which would you pick?


Instead I would say that the Auth.net module instead would have this
behavior built into its submit method.  When it gets the response it should
perform validation while all the data is there, then look at an internal
flag to see if it should just warn on mismatch, or die (or other
configurable behavior).

This then uses the data, requires no real interface changes, doesn't affect
other modules, and still allows for a user configured handling of
invalidation.



-- 
Jayce^
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://420.am/pipermail/bop-devel/attachments/20070927/11df7651/attachment.htm 


More information about the bop-devel mailing list