paypal encrypted buttons using lc

Mike Bonner bonnmike at gmail.com
Wed Jul 20 20:59:17 CEST 2016


I just turned the corner on understanding the old method, I suspect i'll be
able to make it work once sha-256 is implemented.  And now I _think_ I have
an inkling of what you mean re: the cgi on file and back confirming the
correct info.  I can see more reading in my immediate future. Thank you
much for the guidance.

On Wed, Jul 20, 2016 at 12:35 PM, J. Landman Gay <jacque at hyperactivesw.com>
wrote:

> On 7/20/2016 11:00 AM, Mike Bonner wrote:
>
>> Ah, so I need to find an updated guide.
>>
>
> I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test
> systems were put in place some time ago and the full transition will be
> completed Sept 30. Noncompliant servers will fail after that date.
>
> Currently most of the buttons are clear text.  Its not too difficult for my
>> friend to copy and paste an item listing and edit the form values to
>> create
>> a new item. (or to adjust prices etc) but the clear text part is bad
>> because.. well.. People are involved. (cynical I know)
>>
>
> Paypal does quite a bit to assure that the button hasn't been compromised.
> It sends a verification message to the CGI on file and your script must
> respond with "OK" if the information passes your tests. The script on your
> server needs to check that some or all of a dozen or so details are
> correct. Paypal will only allow a payout if your script has verified the
> info and returned permission. For example, you'd want to check that the
> payee is your Paypal merchant ID and that the product code and price are
> accurate. The Paypal script on my website checks nine variables before
> allowing the transaction to complete.
>
> But that does prohibit your friend from just modifying an existing button
> to add new products. If Paypal doesn't have the product code on file, the
> transaction will fail.
>
> --
> Jacqueline Landman Gay         |     jacque at hyperactivesw.com
> HyperActive Software           |     http://www.hyperactivesw.com
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>


More information about the use-livecode mailing list