
edit_contact.php security hole


I am trying to use the API for Constant Contact so that I can match the form with the site. I have it working but noticed when I pull up www.mysite.com/edit_contact.php that it is loading in a value for someone in the mailing list. Obviously this is a bit of a security hole so I want to fix it. Any ideas on what could be causing this issue and how to turn it off?


Hey Quentin -
I'm noticing what you're talking about in the file, but this wouldn't be considered a security hole. Mostly because our code samples are not built as functioning programs. The samples that we put up on the site are more of starting steps for web developers to learn how to use our API with whatever they're used to coding in.
Using the GET variable seems to be the easiest way to learn the code. Instead of coding in an entire secured session system, we decided to put in a bare-bones script for developers to include their own security into. It's possible to use POST variables or sessions to do the same things that our sample files do... with a little added security.
If you want or need any help with putting together something a little more secure, I would suggest visiting our Marketplace. There are web devs there that commission out their help for these types of situations.

Nick Galbraith
Support Engineer
Developer Portal
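As an added illustration of the point made in the reply (this is not Constant Contact's sample code), the snippet below shows the sample's pattern of taking the contact to edit from a GET parameter next to a hardened version that takes it from an authenticated session and requires POST with a CSRF token for updates. `load_contact()` is a hypothetical stand-in for the API lookup, and the session keys `authenticated`, `contact_id` and `csrf` are assumed names.

```php
<?php
// Added example, not the original edit_contact.php. load_contact() is a
// constructed stand-in for the Constant Contact API call that fetches a
// subscriber, so the file runs offline.
session_start();

function load_contact(string $contactId): array {
    // Constructed sample record; the real script would query the API here.
    return ['id' => $contactId, 'email' => 'subscriber@example.com'];
}

// Pattern from the sample: whoever requests edit_contact.php?id=... is shown
// that subscriber's data. Nothing ties the id to the person making the request.
function contact_from_get(array $get): array {
    return load_contact($get['id'] ?? '');
}

// Hardened pattern: the contact id comes from the logged-in session, never from
// the URL, so an anonymous visitor sees no one's data and cannot walk the list.
function contact_from_session(array $session): ?array {
    if (empty($session['authenticated']) || empty($session['contact_id'])) {
        return null; // not logged in: render nothing or redirect to login
    }
    return load_contact($session['contact_id']);
}

// Updates only via POST, only for the session's own contact, and only with a
// matching per-session CSRF token (compared in constant time).
function handle_update(array $server, array $post, array $session): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') return false;
    if (!hash_equals($session['csrf'] ?? '', $post['csrf'] ?? '')) return false;
    $contact = contact_from_session($session);
    if ($contact === null) return false;
    // ... validate submitted fields, then update $contact['id'] through the API ...
    return true;
}

if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(16));
}
$contact = contact_from_session($_SESSION);
if ($contact === null) {
    http_response_code(403);
    exit;
}
if (!handle_update($_SERVER, $_POST, $_SESSION)) {
    // GET or bad token: just render the form for $contact with the csrf token.
}
```

The same holds for the other sample files: any script that reads a contact or list id from the request should check that the caller is allowed to see that record before calling the API.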
