I just turned the corner on understanding the old method, I suspect i'll be able to make it work once sha-256 is implemented. And now I _think_ I have an inkling of what you mean re: the cgi on file and back confirming the correct info. I can see more reading in my immediate future. Thank you much for the guidance.
On Wed, Jul 20, 2016 at 12:35 PM, J. Landman Gay <jac...@hyperactivesw.com> wrote: > On 7/20/2016 11:00 AM, Mike Bonner wrote: > >> Ah, so I need to find an updated guide. >> > > I misspoke a bit -- it's SHA-256, and the cutover is just beginning. Test > systems were put in place some time ago and the full transition will be > completed Sept 30. Noncompliant servers will fail after that date. > > Currently most of the buttons are clear text. Its not too difficult for my >> friend to copy and paste an item listing and edit the form values to >> create >> a new item. (or to adjust prices etc) but the clear text part is bad >> because.. well.. People are involved. (cynical I know) >> > > Paypal does quite a bit to assure that the button hasn't been compromised. > It sends a verification message to the CGI on file and your script must > respond with "OK" if the information passes your tests. The script on your > server needs to check that some or all of a dozen or so details are > correct. Paypal will only allow a payout if your script has verified the > info and returned permission. For example, you'd want to check that the > payee is your Paypal merchant ID and that the product code and price are > accurate. The Paypal script on my website checks nine variables before > allowing the transaction to complete. > > But that does prohibit your friend from just modifying an existing button > to add new products. If Paypal doesn't have the product code on file, the > transaction will fail. > > -- > Jacqueline Landman Gay | jac...@hyperactivesw.com > HyperActive Software | http://www.hyperactivesw.com > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
