Integrating PayPal's shopping cart with GetSimple
#14
jyoz22 Wrote: I'm not sure I understand what you are asking. Everything in the tutorial conforms to PayPal's requirements.
Yes, I understand that your method dynamically produces the PayPal form, which is indeed one of the methods outlined by PayPal.

The problem (if it is a problem – hence my question) is that all the form data is in the page source code, including the PayPal account holder's email address and the price. PayPal mentions this in the Integration Guide:
Quote: Unprotected and non-encrypted buttons that are not saved in your PayPal account are in plain text in the source view of your webpages. The HTML button code for your payment buttons can be viewed by anyone. A malicious third party could copy a page, change button HTML variables such as price, and make fraudulent payments.

IMPORTANT: Merchants with significant payment volume are required to take precautions on securing PayPal Payment Standard buttons.
They are not specific about 'significant payment volume'.

Using these simple PayPal buttons, nothing is encrypted – the form data is available on the page, and in transmission, in clear text.

The alternatives are to either create the buttons using PayPal's tools (the link that you included in your post) or generate buttons dynamically with encryption. The first is okay for a limited range of products that don't change rapidly. The latter solution requires integrating into the website CMS code. Both of these solutions do indeed encrypt the form data and most of it is contained in a single encrypted blob.

Edit to correct: with a hosted button, just the button ID is passed in the form data. I don't know exactly how the dynamic encrypted buttons are handled (though I'm fairly sure they use an encrypted blob).

I am currently using a long text field in a Special Pages page to store the button code (created on the PayPal site), but the inspiration came from your guide – thanks!
--
Nick.
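
An added example, not part of the original post or of PayPal's or GetSimple's code: a small audit that reads a page's HTML and reports which PayPal forms carry the account email and price in clear text, and which pass only a hosted button ID or an encrypted blob. The field names (`cmd`, `_s-xclick`, `hosted_button_id`, `encrypted`, `business`, `amount`) are PayPal Payments Standard HTML variables that do not appear in the thread; the sample page and its values are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
# Variables anyone can read or edit when a button's HTML is in clear text.
EXPOSED = {"business", "amount", "item_name", "item_number"}
# Constructed sample page: a plain add-to-cart form and a hosted button.
SAMPLE = """
<form action="https://www.paypal.com/cgi-bin/webscr">
  <input type="hidden" name="cmd" value="_cart">
  <input type="hidden" name="business" value="shop@example.com">
  <input type="hidden" name="amount" value="12.00">
</form>
<form action="https://www.paypal.com/cgi-bin/webscr">
  <input type="hidden" name="cmd" value="_s-xclick">
  <input type="hidden" name="hosted_button_id" value="EXAMPLEID0001">
</form>
"""

class PayPalForms(HTMLParser):
    """Collect name -> value for the inputs of each form that posts to PayPal."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            host = urlparse(a.get("action") or "").hostname or ""
            is_pp = host == "paypal.com" or host.endswith(".paypal.com")
            self._cur = {} if is_pp else None
            if is_pp:
                self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None and a.get("name"):
            self._cur[a["name"]] = a.get("value") or ""

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def classify(f):
    """Return 'hosted', 'encrypted' or 'unprotected' for one form's fields."""
    ok = f.get("cmd") == "_s-xclick"
    return ("hosted" if ok and "hosted_button_id" in f else
            "encrypted" if ok and "encrypted" in f else "unprotected")

def audit(html):
    """Return (kind, clear-text fields) for every PayPal form in the page."""
    p = PayPalForms()
    p.feed(html)
    return [(classify(f), sorted(f.keys() & EXPOSED)) for f in p.forms]
```

Calling `audit(SAMPLE)` flags the first form as unprotected with `amount` and `business` exposed, and the second as hosted with nothing exposed.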
Messages In This Thread
Integrating PayPal's shopping cart with GetSimple - by hameau - 2012-04-16, 02:57:27


