paypal encrypted buttons using lc
bonnmike at gmail.com
Wed Jul 20 20:59:17 CEST 2016
I just turned the corner on understanding the old method, I suspect i'll be
able to make it work once sha-256 is implemented. And now I _think_ I have
an inkling of what you mean re: the cgi on file and back confirming the
correct info. I can see more reading in my immediate future. Thank you
much for the guidance.
On Wed, Jul 20, 2016 at 12:35 PM, J. Landman Gay <jacque at hyperactivesw.com>
> On 7/20/2016 11:00 AM, Mike Bonner wrote:
>> Ah, so I need to find an updated guide.
> I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test
> systems were put in place some time ago and the full transition will be
> completed Sept 30. Noncompliant servers will fail after that date.
> Currently most of the buttons are clear text. Its not too difficult for my
>> friend to copy and paste an item listing and edit the form values to
>> a new item. (or to adjust prices etc) but the clear text part is bad
>> because.. well.. People are involved. (cynical I know)
> Paypal does quite a bit to assure that the button hasn't been compromised.
> It sends a verification message to the CGI on file and your script must
> respond with "OK" if the information passes your tests. The script on your
> server needs to check that some or all of a dozen or so details are
> correct. Paypal will only allow a payout if your script has verified the
> info and returned permission. For example, you'd want to check that the
> payee is your Paypal merchant ID and that the product code and price are
> accurate. The Paypal script on my website checks nine variables before
> allowing the transaction to complete.
> But that does prohibit your friend from just modifying an existing button
> to add new products. If Paypal doesn't have the product code on file, the
> transaction will fail.
> Jacqueline Landman Gay | jacque at hyperactivesw.com
> HyperActive Software | http://www.hyperactivesw.com
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
More information about the use-livecode