ldavies83
Posted July 16, 2003

I've been asked this question concerning whether OSc supports the above? Anyone know the answer, I believe so, or at least the Paypal IPN contrib as it won't set the status as pending until Paypal have returned a result and just leaves it as 'Paypal Pending'.

Here's his explanation, taken from a list of "if only a cart system had this":

3. Payment authorisation can be FAKED. Unless the cart says in its literature that it has call back IP protection I wouldn't touch it. It's such a big thing that any cart that had it would BRAG about it in bold letters. Basically after payment is taken the gateway returns the user to a predetermined page on your site. The page takes all the info returned by the gateway (like credit pass, fail, order number etc), and allows or disallows the purchase. A clever user could FAKE a purchase without money being taken.

Any feedback appreciated, thanks,

L.

Contribs Written: Nochex APC Payment Module, Cheque Payment Module
Contribs Updated: Information Pages Unlimited, Latest News V1
You've gotta be Quick on the Draw in this game!

Guest
Posted July 16, 2003

A search for "call back IP protection" on Google returns 0 results, strange if this is such a basic feature.

The explanation about how a 'clever user' would go about faking a purchase has no details of how this might be done, so I can't comment on that.

Regards,
Rob

wizardsandwars
Posted July 16, 2003

Not to mention that several payment modules, such as the Authorize.net ADC connection, have a direct connection to the authorize.net server, for extra protection against this sort of thing.

The old paypal module before the IPN would allow a user to put in the "checkout_success.php" url, and simulate the success of the sale. However, that was fixed some time ago.

I'm not sure if it can be done with any of the other payment modules, but I would test any that you install before implementing it into a live shop.

-------------------------------------------------------------------------------------------------------------------------
NOTE: As of Oct 2006, I'm not as active in this forum as I used to be, but I still work with osC quite a bit. If you have a question about any of my posts here, your best bet is to contact me through either Email or PM in my profile, and I'll be happy to help.

Guest
Posted July 17, 2003

Not to mention, I don't ship anything til I see the green.

ldavies83
Posted July 17, 2003

I thought as much as you would need the collaboration of both Gateway and local software. I think the end result is, that OSc can and in some cases (like the paypal IPN) does.

Would I be right in thinking that the payment status is updated to pending on hitting Checkout Success page (i.e. after returning from the gateway)? Or when you click on the continue button on the summary page just before you hit the gateway?

P.S. 'Hit' should not be taken literally!! and I would not recommend any such action :D

wizardsandwars
Posted July 17, 2003

Yes, that is correct. With the 'old' paypal module, you could proceed to the confirmation page, and then instead of hitting 'confirm' type in the address bar the call back URL which used to be passed to paypal (and could be seen by view source), and you could 'trick' the module into thinking that you had been paid.

But it doesn't work anymore. The IPN contribution, and then later the regular paypal module that comes with paypal, stopped you from being able to do that.

Most of the other payment modules use a 'direct connect' method, which doesn't need the gateway to 'callback' the OSC store.

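
The difference the thread describes, between the customer's browser landing on the success page and the gateway itself confirming payment, as an added example that is not part of any post above and is not osCommerce or PayPal code. It assumes a hypothetical gateway that signs its server-to-server notification with a shared HMAC key (a stand-in for whatever verification step a real gateway provides); every name, field and value in it is constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed secret for the demo. Assumption: the gateway signs its
# server-to-server notification with a key shared with the shop.
GATEWAY_SECRET = b"constructed-demo-secret"


@dataclass
class Order:
    order_id: str
    amount: str
    currency: str
    status: str = "pending"


def sign(fields: dict) -> str:
    """HMAC-SHA256 over the sorted key=value pairs (hypothetical scheme)."""
    msg = "&".join(f"{k}={fields[k]}" for k in sorted(fields)).encode()
    return hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()


def handle_browser_return(order: Order, query: dict) -> str:
    """Success-page handler: the query string comes from the customer's
    browser, so it is displayed at most and never changes the order."""
    return order.status


def handle_gateway_notification(order: Order, fields: dict,
                                signature: str, seen_txns: set) -> str:
    """The only code path allowed to mark an order as paid."""
    if not hmac.compare_digest(sign(fields), signature):
        return "rejected: bad signature"
    txn = fields.get("txn_id")
    if not txn or txn in seen_txns:
        return "rejected: missing or replayed transaction id"
    expected = (order.order_id, order.amount, order.currency)
    claimed = (fields.get("order_id"), fields.get("amount"),
               fields.get("currency"))
    if claimed != expected:
        return "rejected: does not match the stored order"
    if fields.get("payment_status") != "Completed":
        return "ignored: payment not completed"
    seen_txns.add(txn)
    order.status = "paid"
    return "accepted"
```

The order stays pending however the success page is reached; only a notification that verifies, is new, and matches the stored order id, amount and currency moves it to paid.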
This topic is now archived and is closed to further replies.