Forum OpenACS Improvement Proposals (TIPs): Re: TIP #33 (Proposed): deprecate the PayflowPro package

Posted by C. R. Oldham on

Another reason to deprecate this is that is statically linked against an *old* version of OpenSSL (0.9.5-something).  Since Verisign is loathe to provide an updated version, you may be opening your site to an attack of some sort if bugs in that version of OpenSSL can be exploited somehow via

Granted, the attack surface is pretty small, but you never know.

Posted by Jeff Davis on
I approve of this as well (if only because verisign
is the devil).