Fairlight FairPay
Documentation
Current Version: 01.02.02
Released: 01/28/05

Security Notes

FairPay was designed with security in mind. While it makes every attempt to be as secure as possible, you have to do your part as well.

The biggest pitfall of CGI programming is trusting external data and using it for system calls without vetting it first. This can be catastrophic, and lead to destruction of data. FairPay does not use any remote data in remote commands, nor does it provide you any facility to do so via the program set command file. However, it does not (and cannot) prevent you from pursuing this extremely hazardous practice within the applications you call from the command file. Those applications could conceivably call other programs unsafely, if you blindly trust data provided from outside your control and use it in a command line context. DO NOT DO THIS. Doing so is tantamount to leaving the keys to your car on the hood while you quickly nip into Wal*Mart for even one small item. There's a good chance your car won't be there when you get back. Likewise, bad things will inevitably happen if you commit this grave security error.

FairPay simply passes the data it obtains without parsing it or censoring it. As a generic application, it cannot and should not do so. It is up to you to make sure that your application adequately scans and validates the incoming data to ensure it is safe for use in whatever context is applicable.
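
One way an application called from the command file could vet its input before handing it to another program, shown as an added example (not FairPay code or code from Fairlight Consulting). The field names, their formats and the downstream program path are assumptions made for illustration.

```python
import re
import subprocess

# Assumed field names and formats for illustration; adapt to what your handler receives.
FIELD_RULES = {
    "invoice": re.compile(r"[A-Za-z0-9]{1,20}"),
    "amount": re.compile(r"[0-9]{1,7}\.[0-9]{2}"),
    "email": re.compile(r"[A-Za-z0-9._%+]{1,64}@[A-Za-z0-9.-]{1,190}"),
}
HANDLER = "/usr/local/bin/record-payment"  # hypothetical downstream program


class RejectedInput(ValueError):
    """Raised when any externally supplied field fails its allowlist rule."""


def validate(fields):
    """Return only the known fields, each checked against its rule."""
    clean = {}
    for name, rule in FIELD_RULES.items():
        value = fields.get(name)
        # fullmatch() must consume the whole string, so a trailing newline or
        # appended shell metacharacters cause rejection rather than truncation.
        if not isinstance(value, str) or rule.fullmatch(value) is None:
            raise RejectedInput(f"field {name!r} failed validation")
        clean[name] = value
    return clean


def build_argv(fields):
    """Build an argument vector from validated fields; no shell string is formed."""
    clean = validate(fields)
    # "--" ends option parsing so a value can never be read as a flag.
    return [HANDLER, "--", clean["invoice"], clean["amount"], clean["email"]]


def record_payment(fields):
    # A list argument with the default shell=False runs the program directly.
    return subprocess.run(build_argv(fields), check=True, timeout=30)


if __name__ == "__main__":
    # Constructed sample inputs
    good = {"invoice": "INV1001", "amount": "19.95", "email": "buyer@example.com"}
    print(build_argv(good))
    try:
        build_argv(dict(good, invoice="INV1001; echo injected"))
    except RejectedInput as err:
        print("rejected:", err)
```

Fields that are not in the rule table are dropped rather than passed along, so unexpected data never reaches the command line.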

Security is one of the biggest issues with CGI programming. FairPay does its best to make the environment as safe as possible without compromising the data integrity. It is your responsibility to ensure that your applications use the data safely.

For a complete list of points to check over in your integration efforts, please consult this more comprehensive list that we have released to the public to aid in CGI security education.


Copyright 2005, Fairlight Consulting. All rights reserved.