|
Allan Browning
|
November 2, 2016 at 5:52 pm
Hi,
We are using the MIGS payment gateway on our site and have received a notice from our bank (Commonwealth Bank of Australia) that they have a security update. They are no longer supporting MD5 hash encryption and would like us to use SHA256 instead. They will stop accepting payments as of 30 November 2016. They have sent us a developers toolkit with sample code. Can you help with this?
|
|
Josh
|
November 2, 2016 at 6:18 pm
Hi Allan,
Are you certain that the EE4 MIGS uses MD5 hash encryption?
|
|
Allan Browning
|
November 2, 2016 at 6:30 pm
Josh,
To tell you the truth I have no idea. Can I send on the info I have from the bank?
|
|
Josh
|
November 2, 2016 at 6:31 pm
I can send a note over to the developer of the MIGS payment gateway and they’ll be able to look into whether anything needs to be updated.
|
|
Allan Browning
|
November 2, 2016 at 6:34 pm
Josh,
Where can I send the developer toolkit too? It has more information in it and sample code.
|
|
Allan Browning
|
November 2, 2016 at 6:35 pm
We sponsored the original development of the MIGS gateway. I was not aware of any MD5 hashing being involved.
|
|
Allan Browning
|
November 2, 2016 at 7:53 pm
Josh,
I have reviewed the code and can see nothing requiring MD5. I called the bank and it seems like the letter they sent us did not apply to us. Nothing to change. 🙂
|
|
Lorenzo Orlando Caum
|
November 17, 2016 at 8:17 am
Hi Allan,
The MD5 algorithms applies to the hosted or offsite version of MiGS.
The payment gateway for Event Espresso is on-site and does not use the MD5 algorithms.
—
Lorenzo
|
