I just wanted to run this past a few different heads to make sure that I wasn't missing something obvious. I use Payflow Link, which handles all the crap of credit card e-commerce transactions. However, you pass the total amount of the PayPal transaction in the POST variables, which seems like a potential security issue:
- An attacker can load his cart and proceed to checkout.
- By reading the hidden input fields, he can rig the POST to PayPal with a total of 1 cent.
- PayPal will complete the transaction and call my order logging script, which will register the transaction and mark its products for shipment.
I could check the total amount of his cart by going back to the database, pulling the items in the basket and recounting their prices plus shipping and tax. But this is a very heavy climb just to check for fakes (several database queries, plus 2 web service calls per item to get shipping and tax).
My idea:
- PayPal gets the regular POST variables for the amount.
- But in the user variables (which get passed through to my logging script), I also save the sha1 hash of the total plus some private key.
- On the other side, the logging script hashes the dollar amount plus the same private key and compares it with the passed hash.
- A difference between the transmitted hash and the calculated hash indicates a fake, and the order gets marked in red for review by a person.
Does it make sense? Did I miss something?
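As an added example (not code from the original post or from PayPal/Payflow), here is the scheme above written out as a sign-on-checkout / verify-on-callback pair. Two changes from the post's wording are deliberate: the tag is an HMAC-SHA256 rather than a plain sha1(total + key), because an unkeyed hash of "amount plus secret" can be extended by an attacker who learns one valid tag, and the tag also covers a hypothetical `order_id`, so a valid tag for a cheap cart cannot be replayed against a different, more expensive order. `SECRET_KEY`, `order_id`, the field names `amount` and `sig`, and the sample callback values are all constructed for this example.

```python
import hmac
import hashlib
from decimal import Decimal

# Hypothetical merchant secret for this example. In a real deployment it is loaded
# from server-side configuration and never sent to the browser or PayPal.
SECRET_KEY = b"replace-with-a-long-random-secret"


def canonical_amount(amount) -> str:
    """Normalise the amount so "19.9", "19.90" and 19.9 all hash identically.

    Raises ArithmeticError (decimal.InvalidOperation) on non-numeric input.
    """
    return f"{Decimal(str(amount)).quantize(Decimal('0.01')):.2f}"


def sign_amount(order_id: str, amount, key: bytes = SECRET_KEY) -> str:
    """Tag computed at checkout and placed in the pass-through user variable.

    The message binds the order id to the canonical amount, so the tag is only
    valid for this order at this total.
    """
    msg = f"{order_id}|{canonical_amount(amount)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_callback(post: dict, key: bytes = SECRET_KEY) -> bool:
    """Called by the logging script on PayPal's callback.

    Recomputes the tag from the posted order id and amount and compares it with
    the posted tag in constant time. Any missing or malformed field fails closed.
    """
    try:
        expected = sign_amount(post["order_id"], post["amount"], key)
    except (KeyError, ArithmeticError, ValueError):
        return False
    return hmac.compare_digest(expected, post.get("sig", ""))


def triage_order(post: dict, key: bytes = SECRET_KEY) -> str:
    """Return "ok" for a consistent order, "review" for one to flag for a person."""
    return "ok" if verify_callback(post, key) else "review"


if __name__ == "__main__":
    # Constructed sample: the checkout page signs order A1001 at $42.50 ...
    tag = sign_amount("A1001", "42.50")
    genuine = {"order_id": "A1001", "amount": "42.50", "sig": tag}
    # ... and an attacker edits the hidden amount field to 1 cent but cannot
    # produce a matching tag without the secret.
    tampered = {"order_id": "A1001", "amount": "0.01", "sig": tag}
    print("genuine :", triage_order(genuine))   # ok
    print("tampered:", triage_order(tampered))  # review
```

The callback handler still has to reject the order on its own when the tag fails (marking it red, as the post describes) rather than trusting any other posted field, and the secret must be long and random: with a short or guessable key the attacker can simply compute valid tags himself.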