On 7/20/2016 11:00 AM, Mike Bonner wrote:
> Ah, so I need to find an updated guide.
I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test systems were put in place some time ago and the full transition will be completed Sept 30. Noncompliant servers will fail after that date.
> Currently most of the buttons are clear text. It's not too difficult for my friend to copy and paste an item listing and edit the form values to create a new item (or to adjust prices etc.), but the clear text part is bad because.. well.. People are involved. (cynical I know)
PayPal does quite a bit to assure that the button hasn't been compromised. It sends a verification message to the CGI on file and your script must respond with "OK" if the information passes your tests. The script on your server needs to check that some or all of a dozen or so details are correct. PayPal will only allow a payout if your script has verified the info and returned permission. For example, you'd want to check that the payee is your PayPal merchant ID and that the product code and price are accurate. The PayPal script on my website checks nine variables before allowing the transaction to complete.
But that does prohibit your friend from just modifying an existing button to add new products. If PayPal doesn't have the product code on file, the transaction will fail.
--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
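An added example, not part of the original message and not PayPal's API: a sketch of the server-side check described above, where posted button values are trusted only after they match what the merchant keeps on file. The field names, merchant ID and catalog are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation
import hmac

# Constructed values (assumptions): merchant ID, catalog, and field names.
MERCHANT_ID = "MERCHANT-EXAMPLE-01"
CATALOG = {  # product code -> (unit price, currency), kept server-side only
    "WIDGET-1": (Decimal("19.95"), "USD"),
    "MANUAL-PDF": (Decimal("5.00"), "USD"),
}
REQUIRED = ("merchant_id", "item_code", "amount", "currency", "quantity")

def check_transaction(fields):
    """Return (ok, reason) for a dict of posted form fields (all strings)."""
    missing = [k for k in REQUIRED if not fields.get(k)]
    if missing:
        return False, "missing field: " + ", ".join(missing)
    # The payee must be our own account; compare in constant time.
    if not hmac.compare_digest(fields["merchant_id"].encode(),
                               MERCHANT_ID.encode()):
        return False, "payee is not our merchant ID"
    # The product code must already be on file; edited buttons fail here.
    entry = CATALOG.get(fields["item_code"])
    if entry is None:
        return False, "unknown product code"
    price, currency = entry
    if fields["currency"] != currency:
        return False, "currency mismatch"
    try:
        qty = int(fields["quantity"])
        amount = Decimal(fields["amount"])
    except (ValueError, InvalidOperation):
        return False, "malformed amount or quantity"
    if qty < 1 or not amount.is_finite():
        return False, "malformed amount or quantity"
    # Exact decimal comparison against the catalog price, never the form's.
    if amount != price * qty:
        return False, "price does not match catalog"
    return True, "OK"

def respond(fields):
    """Body the script sends back: "OK" only when every check passes."""
    ok, reason = check_transaction(fields)
    return "OK" if ok else "FAIL: " + reason
```
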