We're considering setting up a subdomain 开发者_开发知识库gateway.domain.com
where that sub domain will process all of our payments to authorize.net from possibly multiple sections of our site, our internal and external systems alike. I know it would need SSL and I'm guessing I should accept $_POST from a restricted list of URLs and extreme data validation.
I'm wondering what your thoughts are on this. Are there any security risks that I'm not thinking of?
Putting it on a subdomain doesn't have any security issues associated with it in concept as where the payments are handled on your website really doesn't mean anything as far as payment processing goes. All the usual security issues still apply regardless of where you put it on your website.
There are also no real benefits to this either other than, perhaps, you only need to get an SSL certificate for that subdomain assuming you don't need it anywhere else on your website. But that's barely a benefit if one at all.
精彩评论