Jump to content
dev osCommerce
Forum
  • Checkout
  • Login
  • Contact Us
  • Get in touch

osCommerce

The e-commerce.

New Demo
Our Partners

encrypted webpayments

Garyp

By Garyp
in Other

 Share

Recommended Posts

Garyp

Garyp

Posted
Posted

Can I check please...

 

documentation says:

"If you have SSL enabled, then you won't need to set up encrypted web payments as the payment module automatically uses SSL if available."

 

I think these are different things ie customers could send a secure POST with fraudlent content especially <input type="hidden" name="amount" value="[a much lower number]"> if the button code is UNencrypted.

 

GaryP

Link to comment
Share on other sites
AlexStudio

AlexStudio

Posted
Posted
Can I check please...

 

documentation says:

"If you have SSL enabled, then you won't need to set up encrypted web payments as the payment module automatically uses SSL if available."

 

I think these are different things ie customers could send a secure POST with fraudlent content especially <input type="hidden" name="amount" value="[a much lower number]"> if the button code is UNencrypted.

 

GaryP

Yes, you are right. The encrypted webpayments is to protect the store, not the customers. Please by all means utilize it, don't count on the 'SSL enabled' thing, it's not enough.

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites
AlexStudio

AlexStudio

Posted
Posted

And also block unecrypted wbsite payments in profile settings. These are all stated in the PayPal's website payment standard integration guide.

 

Blocking Unencrypted Website Payments

To prevent someone from creating a “spoof” version of your Website Payment buttons, you

can block unencrypted website payments.

To allow only Encrypted Website Payments:

1. Log in to your Business or Premier PayPal account.

2. Click the Profile subtab.

3. Click the Website Payment Preferences link in the right-hand menu.

4. Select On next to Block Non-encrypted Website Payments.

- PayPal's website payment standard integration guide page 106 -

Super Download Shop, PayPal Express Checkout IPN, Selling Downloads, Visual Validation (preventing robotic flood), phpBB2 Integration

 

Yes, I'm willing to help, but please ask in the right place. Think twice before trying to PM me, it might be ignored.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...