[thelist] OT: e-commerce PayPal

Richard Bennett richard.bennett at skynet.be
Thu May 9 05:28:01 CDT 2002

Galen wrote:
> I went and rooted you all out an example of the source code that is
> "encryted" that way as well...  This is from someone in some of one
> of the
> other forums that has been complaining about the bypassing of the pay
> like...  How did we get this far off topic anyhow?
> ======  copy below =========
<code snipped>
> Easily hackable and as far as security goes not even worth the time
> to use

Totally insecure - just load it into NS4, and view the source - nothing

<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<INPUT type="hidden" name="cmd" value="_xclick">
<inputtype="hidden" name="business" value="dbrinson at millenniumcashflow.com">
<INPUT type="hidden" name="item_name" value="Millennium BigList and
<INPUT type="hidden" name="item_number"value="0043">
<INPUT type="hidden" name="amount" value="5.00">
<INPUT type="hidden" name="undefined_quantity" value="1">
<INPUT type="image"src="http://www.millenniumcashflow.com/buynow.gif"

BTW - there is no known way to encrypt HTML pages at all.
Use server-side coding, and good site architecture to keep pages secure.


More information about the thelist mailing list