[thelist] OT: e-commerce PayPal

Richard Bennett richard.bennett at skynet.be
Thu May 9 05:28:01 CDT 2002


Galen wrote:
> I went and rooted you all out an example of the source code that is
> "encryted" that way as well...  This is from someone in some of one
> of the
> other forums that has been complaining about the bypassing of the pay
> like...  How did we get this far off topic anyhow?
>
> ======  copy below =========
<code snipped>
> Easily hackable and as far as security goes not even worth the time
> to use

Totally insecure - just load it into NS4, and view the source - nothing
encrypted!

<center>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post">
<INPUT type="hidden" name="cmd" value="_xclick">
<inputtype="hidden" name="business" value="dbrinson at millenniumcashflow.com">
<INPUT type="hidden" name="item_name" value="Millennium BigList and
Bonuses">
<INPUT type="hidden" name="item_number"value="0043">
<INPUT type="hidden" name="amount" value="5.00">
<INPUT type="hidden" name="undefined_quantity" value="1">
<inputtype="hidden"
name="return"value="http://www.millenniumcashflow.com/MillenniumBigList.exe"
>
<inputtype="hidden"
name="cancel_return"value="http://www.millenniumcashflow.com">
<INPUT type="image"src="http://www.millenniumcashflow.com/buynow.gif"
border="0"name="submit">
</FORM>

BTW - there is no known way to encrypt HTML pages at all.
Use server-side coding, and good site architecture to keep pages secure.

Cheers
Richard.




More information about the thelist mailing list