That's the thing. It is easy to do things in the way I describe. Unless otherwise set (in the paypal profile.. one can choose to only accept encrypted buttons but this doesn't seem to be the default), any person anywhere (if they have access to the merchant id or merchant email address) can whip up a button buying figmentary items at a figmentary price.
Currently we have a mix. Some buttons created with the button builder in paypal that leave the encryption in place, and others that are just properly formatted forms in clear text (the original of which was generated by paypal and choosing to not host on paypal,and not encrypt as part of the button build process). Paypal really isn't very picky as you can have multiple of the same item all with different prices etc. (We don't do it that way, each has a unique item name) This is why I'm looking in to doing the encryption on my own. (not necessarily on the fly) as described best here: https://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php Basically,generate public/private key pairs, upload a key to paypal, and download their public key, Encrypt the button fields,and change paypal settings to "only accept encrypted...." If done right (fingers crossed) I and my friend are the only one with all the information required to encrypt/decrypt my buttons. (and paypal of course since I'll be uploading a key to my friends paypal for this purpose) At this point people can create all the fake buttons they want but they won't work since they will not have been properly encrypted, and only encrypted buttons will be accepted. >From the sound of things, even after I figure out how to get the things encrypted I can add an additional layer of protection, and confirm that things have indeed have been submitted as they should have been by adding a backcheck as you described. I'm starting to wonder if the switch you mention is affecting this particular part.. The encryption of buttons.. Have I completely misunderstood how all this works? On Wed, Jul 20, 2016 at 1:47 PM, J. Landman Gay <jac...@hyperactivesw.com> wrote: > Not to beat a stubborn dead horse, but...I don't think you can do what you > want. Paypal makes it pretty hard to modify their buttons. If they didn't, > anyone could copy and change the Paypal button on any site, which is kind > of what you're describing. > > > On 7/20/2016 2:18 PM, Mike Bonner wrote: > >> Thank you both. I think i'm in over my head actually, but stubborn makes >> up for a lot. >> >> On Wed, Jul 20, 2016 at 1:12 PM, Richard Gaskin < >> ambassa...@fourthworld.com> >> wrote: >> >> Mike Bonner wrote: >>> >>> I just turned the corner on understanding the old method, I suspect >>>> i'll be able to make it work once sha-256 is implemented. >>>> >>> >>> If it helps, I've found Mark Smith's libHash-Hmac to be quite good, his >>> sha256 function returning the same values I get when tested against the >>> command-line tool installed with my OS: >>> >>> http://marksmith.on-rev.com/revstuff/ >>> >>> -- >>> Richard Gaskin >>> Fourth World Systems >>> Software Design and Development for the Desktop, Mobile, and the Web >>> ____________________________________________________________________ >>> ambassa...@fourthworld.com http://www.FourthWorld.com >>> >>> >>> _______________________________________________ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >>> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >>> >>> _______________________________________________ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode >> >> > > -- > Jacqueline Landman Gay | jac...@hyperactivesw.com > HyperActive Software | http://www.hyperactivesw.com > > _______________________________________________ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
