SmartyStreets Address Validation PHP Example? - validation

Can I get a sample PHP code example which calls SmartyStreets LiveAddress API for address validation?

Sure -- we have sample code at our GitHub repository. There are 3 examples there:
A request to our API using cURL (can handle many addresses at once)
A GET request. Easy, but only supports one address per request
A "SLAP" (Single-Line Address Processing) example which shows how to verify an address if it's not already split into components like street, city, state, etc.
If you have any further questions, I'd be happy to help; I wrote these examples.

If you are developing SmartyStreets code on a test system that doesn't have a secure certificate, you can add this line to disable the certificate test:
if ($bTestSystem) curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

SmartyStreets uses the same approach as many other solutions. The user enters an address, then a lookup is performed, and if the address is not found the user is presented with a list of valid addresses to select from. This is a slower approach that may not be ideal.
A newer approach that may be a better option comes from Addrexx. The Addrexx solution allows users to autoselect their information from dropdown lists. This speeds up the process of entering personal information. Full disclosure: I am a developer at Addrexx. Addrexx is a SaaS that includes complete integration packages for Salesforce, Magento, BigCommerce and many more platforms.
You can see the Addrexx approach at http://addrexx.com/ecommerce.html.

Related

3D Secure songbird js CSP requirements

Our site uses a content security policy with Braintree's implementation of 3D Secure.
There are multiple calls made by songbird.js (CardinalCommerce implementation of 3D Secure used by Braintree) to third party sites (such as kg668dbov0.execute-api.us-east-1.amazonaws.com, touchtechpayments.com, or arcot.com) which are not documented in the CSP requirements outlined by Braintree here https://braintree.github.io/braintree-web/current/.
These calls to third party sites don't seem to be documented anywhere on the web either, and seem to change at random. Every time there is an undocumented change it breaks our 3DS integration (the iFrame doesn't load as the undocumented URL is blocked by the CSP).
The URLs seem to vary based on the card used (touchtechpayments.com seems to be the Revolut one, arcot.com seems to be HSBC), and I can see a couple of others for French banks in our CSP violation report: https://bred.wlp-acs.com for Bred, https://bnpp-3ds.wlp-acs.com for BNP Paribas.
Does anyone know where I can find an up-to-date list of the content security policy requirements for songbird.js?
I've created an issue on the braintree github page:
https://github.com/braintree/braintree-web/issues/497
My list so far:
3ds-secure.cardcomplete.com
ecclients.btrl.ro
bofp.erstebank.hu
www.clicksafe.lloydstsb.com
pay.activa-card.com
3dsecure-1.wirecard.com
3dsecure-2.wirecard.com
acssv.otpbank.hu
acs.sia.eu
idcheck.acs.touchtechpayments.com
sicher-bezahlen.sparkasse.at
secure5.arcot.com
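An added example, not part of the original post: one way to turn the CSP violation reports mentioned above into a reviewed list of hosts for the 3DS iframe. The report bodies are constructed in the standard `report-uri` JSON shape; `shop.example`, the paths and `tracker.example` are assumptions, and the ACS hosts are the ones named in the question.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

def _report(doc, directive, blocked):
    # Helper that builds a constructed report body (sample data only).
    return json.dumps({"csp-report": {"document-uri": doc,
                                      "violated-directive": directive,
                                      "blocked-uri": blocked}})

SAMPLE_REPORTS = [
    _report("https://shop.example/checkout", "frame-src", "https://bred.wlp-acs.com/acs"),
    _report("https://shop.example/checkout", "frame-src", "https://bred.wlp-acs.com/acs"),
    _report("https://shop.example/checkout", "frame-src 'self'", "https://bnpp-3ds.wlp-acs.com/x"),
    _report("https://shop.example/checkout", "script-src", "inline"),
    _report("https://shop.example/blog", "frame-src", "https://tracker.example/w"),
    "not json",
]

def candidate_hosts(raw_reports, page_prefix, directive="frame-src"):
    """Count blocked https hosts for one directive on one page.

    Report endpoints accept unauthenticated input, so malformed bodies are
    skipped and the result is a list of candidates to review, not a policy.
    """
    seen = Counter()
    for raw in raw_reports:
        try:
            body = json.loads(raw)["csp-report"]
            violated = body["violated-directive"].split()[0]
            blocked = urlsplit(body["blocked-uri"])
            doc = body["document-uri"]
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            continue
        if (violated == directive and doc.startswith(page_prefix)
                and blocked.scheme == "https" and blocked.hostname):
            seen[blocked.hostname] += 1
    return seen

def source_list(hosts):
    """Render reviewed hosts as CSP source expressions."""
    return " ".join("https://" + h for h in sorted(hosts))

if __name__ == "__main__":
    found = candidate_hosts(SAMPLE_REPORTS, "https://shop.example/checkout")
    print(found, "->", source_list(found))
```

Restricting the count to the checkout page and the `frame-src` directive keeps unrelated or spoofed reports from widening the policy.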

Creating a view-field with the sender's domain

It's cleanup time.
I'd like to clean up my mails. Therefore it would be nice to have all emails sorted/grouped by domains (optionally by TLDs as well).
I'm already using something similar - the field for the sender's email address, which was described at https://www.howto-outlook.com/howto/viewsenderaddress.htm, which works perfectly. So I think something similar can be done for the domain (and TLD) as well.
Does someone here either have a working solution to share, or can guide me on how to achieve this?
Thx.
Remarks:
It's Outlook 2007 without Exchange
Thanks to a big search engine, when using the proper words a solution can be found. :-)
I have found a solution which displays the sender's domain: https://www.extendoffice.com/documents/outlook/2190-outlook-view-sender-domain.html
and to Sort and Group on the Domain use
https://www.extendoffice.com/documents/outlook/2187-outlook-sort-group-by-sender-domain.html

Is this issue due to bots?

In our MVC website log I can see a lot of errors with the message "A public action method was not found". Requests are coming with junk action method names.
For example, if I have the action name "GetProducts" then requests are coming with the action name as "GetProducts AND 1=1", "GetProducts;id'", "GetProductswhscheck".
Is this because internet bots are trying to access my website with junk values?
It may be bots, it may be script kiddies, or it may be crackers. Either way - somebody is trying to find vulnerabilities on your site.
Let's look at the first one:
"GetProducts AND 1=1"
This looks like an attempt at SQL Injection. There was probably a longer query after the "1=1", trying to get information out of your database - like usernames, e-mail addresses, and so on.
To defend yourself, make sure your queries are parameterized. You may also want to add some form of rate-limiting on your system; if possible, see if you can add captchas.
You may also want to look at this answer on Information Security Stack Exchange, and the OWASP top 10 security vulnerabilities.
Do this as soon as possible, because somebody's trying to break in to your system.
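An added example, not part of the original answer: a triage of the "A public action method was not found" entries that separates probes (a real action name with junk appended, as in the question) from plain misses, and lists the clients worth rate limiting. The log layout, controller name, IP addresses and the second action name are constructed assumptions; only `GetProducts` and the three junk names come from the question.

```python
import re
from collections import defaultdict

# Assumption: the action names the controller really exposes.
KNOWN_ACTIONS = {"GetProducts", "GetProductDetails"}

# Constructed log lines (timestamp, client IP, error message).
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 A public action method 'GetProducts AND 1=1' was not found on controller 'Shop.Controllers.CatalogController'.
2024-05-01T10:00:02 203.0.113.7 A public action method 'GetProducts;id'' was not found on controller 'Shop.Controllers.CatalogController'.
2024-05-01T10:00:03 203.0.113.7 A public action method 'GetProductswhscheck' was not found on controller 'Shop.Controllers.CatalogController'.
2024-05-01T10:05:00 198.51.100.20 A public action method 'GetProduct' was not found on controller 'Shop.Controllers.CatalogController'.
"""

LINE_RE = re.compile(r"^(\S+) (\S+) A public action method '(.*)' was not found on controller")

def classify(action):
    """'probe' = known action with a suffix appended; 'unknown' = plain miss (typo, stale link)."""
    for known in KNOWN_ACTIONS:
        if action != known and action.startswith(known):
            return "probe"
    return "unknown"

def probes_by_client(log_text):
    """Map client IP -> list of probe action names found in the log."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and classify(m.group(3)) == "probe":
            hits[m.group(2)].append(m.group(3))
    return dict(hits)

def clients_over_threshold(log_text, threshold=3):
    """Clients with at least `threshold` probes: candidates for rate limiting."""
    return sorted(ip for ip, acts in probes_by_client(log_text).items()
                  if len(acts) >= threshold)

if __name__ == "__main__":
    print(probes_by_client(SAMPLE_LOG))
    print(clients_over_threshold(SAMPLE_LOG))
```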

Customer email using .online tld is being rejected

I'm using DotNetKit 1.2.6.5 and SagePayIntegration.Validation() is rejecting a customer email that uses the new .online domain (e.g. foo@bar.online) with
CustomerEMail is invalid.
Is this fixed in 1.2.6.7 or is the source code for SagePay.IntegrationKit.DotNet.dll available somewhere so I can fix it?
Despite access to the source code (many thanks to @DavidG) SagePay Support have confirmed that the actual Gateway does not support all these new domains - so even if I modified the DotNetKit it would still be rejected by the Gateway.
SagePay support were very helpful but ultimately the
"... email domain foo@bar.online is not yet supported on our gateway.
We run development sprints continuously and although there are some
domains we may not yet support, we look to in future, dependent on
impact and demand..."
The SagePay Integration Kit uses this regex to validate email addresses:
[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+(?:[a-zA-Z]{2,4})\b
Which does unfortunately not allow extra long TLDs. Fortunately I have the source code for the kit and I've added it to my GitHub account (along with a bug fix which is why I had to get it in the first place as SagePay are not updating it). You can find it here:
https://github.com/WiredUK/SagePay.IntegrationKit
And the Regex you need to edit is in this file:
https://github.com/WiredUK/SagePay.IntegrationKit/blob/801f61cf965c391a98a025aa632949719084cef0/ApiRegex.cs
For info, you need to edit the very last part of the expression from 2,4 (which matches 2 to 4 characters in the TLD) to allow more, for example 2,30.
Edit: And just because I can, I opened an issue and fixed it.
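An added example, not code from the kit or from the answer: the quoted expression, with `@` separating local part and domain, compiled once with the `2,4` bound and once with `2,30`, and run over constructed addresses to show what the change accepts and what both versions still reject. Whole-string matching is an assumption, since the page does not show how the kit applies the pattern.

```python
import re

# The expression quoted in the answer, split so the TLD bound can be varied.
_LOCAL = r"[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-zA-Z0-9!#$%&'*+/=?^_`{|}~-]+)*"
_LABELS = r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?\.)+"

def email_pattern(max_tld_len):
    """Compile the expression with a TLD of 2..max_tld_len letters."""
    return re.compile(_LOCAL + "@" + _LABELS
                      + r"(?:[a-zA-Z]{2,%d})\b" % max_tld_len)

def is_valid(address, max_tld_len):
    # Assumption: the whole string must match.
    return email_pattern(max_tld_len).fullmatch(address) is not None

# Constructed sample addresses.
SAMPLES = [
    "foo@bar.online",    # long TLD from the question
    "foo@bar.com",
    "foo@bar.co.uk",
    "foo@bar",           # no TLD at all
    "foo@bar.o",         # TLD shorter than 2 letters
    "foo bar@bar.com",   # space in the local part
]

def compare(samples=SAMPLES):
    """Return {address: (accepted with 2,4, accepted with 2,30)}."""
    return {a: (is_valid(a, 4), is_valid(a, 30)) for a in samples}

if __name__ == "__main__":
    for addr, (old, new) in compare().items():
        print(f"{addr:18} 2,4={old!s:5} 2,30={new}")
```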

Check if Zip Code or postal code is real

After some searching, I haven't been able to find a definite answer.
If I am given a zip code like 11111, it is technically a valid zip code but it doesn't exist. Is there a way to check this? The same goes for a postal code like a1a a1a (valid but not real).
For United States zipcodes:
You can purchase / download databases of zip codes, which you can use in your local app.
Google for
us zip code database
Here is one that you can use for free for non-commercial purposes (for commercial purposes you can purchase a cheap license):
http://www.unitedstateszipcodes.org/zip-code-database/
There are some providers which allow you to perform remote HTTP calls; search around.
For any who stumble onto this and are using Python, this exists: https://github.com/Brobin/usps-api
It doesn't cover all the API functionality, but it makes the standard stuff much easier than constructing XML by hand.
