Reputation: 93
Custom Paypay payment protection
I'm doing a PayPal payment system. The steps are:
- collect all item & price value that user have chose, through js get from html input.
redirect to url paypal and add on item and price:
https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_cart&upload=1&[email protected]&cy_code=USD&lc=US&item_name_1=Black Gold&item_number_1=1&quantity_1=1&amount_1=$58.00
Question: But using this method, user can change the price easily by downloading the page from my site and changing the script. So any protection I can do for this?
I have 2 ideas now. But I don't think they're good solutions.
- encode/decode the price by server site
- get the price value from sql ...
Upvotes: 0
Views: 77
Answers (1)
Reputation: 15253
Use a POST request to send the data and not a GET request (using URL params). Also, use the PayPal IPN notification system to notify you in the situation that somebody tampers with passed values using a hack:
Upvotes: 1
Related Questions
- Secure PayPal Checkout Client-side?
- How to prevent users from changing html when buying products via PayPal?
- How can I ensure the security of my payment system via PayPal?
- SecurionPay custom integration Checkout via JavaScript
- PayPal - ASP.NET Medium Trust
- Securing a Javascript / PayPal checkout form
- Securing/Validating Paypal Payments Pro Data on Custom Hosted Checkout Page and Submitting Custom Data to PayPal
- Payment Security of Paypal
- Security in ASP during payment
- How to prevent editing of hidden field with PayPal's Website Payment Standard?