whmcs module problem
I hired someone to create a payment gateway module for my WHMCS website
I'm afraid he's going to enter a php code and get our customers' details, email, phone numbers.
Is it possible to commit such thefts through the whmcs Payment Gateway module?
How can we protect our site from such a thing?
Is there a way to test it once it is created?
Thanks everyone
Comments
If the code is not encoded with something like ioncube/open-to-read, you can always get the code audited by someone else as well?
if the code is encoded with ioncube etc, then there isn't much you can do apart from lookup the connections on your server when a payment is made and block away any unknown IPs or similar, but then again, if you are getting the code made on request (ie, paying for it), you can always ask the developer to not encode the code.
CrownCloud - Internet Services | Los Angeles, California | Frankfurt, Germany | Amsterdam, The Netherlands | Atlanta, Georgia | Miami, Florida