chaoswar4u Posted February 17, 2009
I'm currently setting up PayPal IPN. I have it all working but I'm wanting to ensure it's fully secure. Is anyone aware of any loopholes etc. that I should protect myself from? I've heard of the 0.01p tricks etc. If anyone has any info then many thx in advance for sharing it.

Faz` Posted February 17, 2009
Re: Paypal IPN. Secure?
http://criminalexistence.com/ceforums/i ... ic=27203.0
OK, that is a topic about turning donator packs to items, yes, but Eternal has posted his IPN on it; it may be of use to you or not.

Lithium Posted February 17, 2009
The 0.01 tricks come from poorly built IPN files, without any confirmation on the placed amount. If you are unsure your IPN is or is not secure, the best choice you have is to create a sandbox account at PayPal and then try your IPN files before making them go public.

a_bertrand Posted February 17, 2009
If you write your PayPal handling correctly it will be 100% sure, as you check directly with the PayPal site if the transaction is correct or not. Make sure to check that the total is indeed the number of items x your price, so that nobody can pay for a 0.01 priced item ;-)

Guest Anonymous Posted February 17, 2009
Wouldn't it just be a good idea to check the gross amount posted back and, if it does not match the actual price, exit it?

codestryke Posted February 18, 2009
> If you write your PayPal handling correctly it will be 100% sure, as you check directly with the PayPal site if the transaction is correct or not. Make sure to check that the total is indeed the number of items x your price, so that nobody can pay for a 0.01 priced item ;-)

YES! I cannot second this any more! I got bit by this a couple of times because I was too lazy to add that simple check. I did it to one game, went on to work on other things on my mind and got bit again on another one of our games. Why PayPal allows editing of this field is beyond me but check check check ;) Other than that I've been using the IPN service for about 6 years and have had very few problems or security problems other than what has been noted above.

Haunted Dawg Posted February 18, 2009
PayPal can't really disallow the user to edit the forms. Because if they do then it's left to the actual user adding the form. I read somewhere on PayPal that they allow cURL to go to a certain link on their website where only ports can be entered. So no user can go in there and look at the payments. But once you send a payment, it is also inserted into that list, allowing cURL to go into that list according to their PayPal name and see. However, you might think that you can change your PayPal name. But I also read on there that each PayPal user receives a generated KEY when signing up. It does not show you it at registration. But it shows you at the "Options" in PayPal itself. Another form I read somewhere is to let your server actually log in to your PayPal account and check if any new payments have been made. But I have not read up on that since that one is difficult.

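The checks recommended in this thread (confirm the notification with PayPal itself, then compare the paid total with quantity x your own price), as an added example that is not code from any poster. It goes a little further than the thread by also checking receiver, currency and repeated transaction IDs; `check_ipn`, `paypal_postback`, the price list, the receiver address and the sample notification are hypothetical or constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.request import urlopen

PAYPAL_VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"
RECEIVER_EMAIL = "payments@game.example"      # constructed merchant address
CURRENCY = "USD"
# Server-side price list (constructed): never take the price from the form or the IPN.
PRICES = {"donator_pack_1": Decimal("5.00")}
# Constructed sample notification, already parsed into a dict.
SAMPLE = {"payment_status": "Completed", "receiver_email": "payments@game.example",
          "mc_currency": "USD", "item_number": "donator_pack_1", "quantity": "2",
          "mc_gross": "10.00", "txn_id": "CONSTRUCTED-TXN-1"}


def paypal_postback(raw_body: bytes) -> bool:
    """Echo the raw IPN body back to PayPal; only 'VERIFIED' means PayPal sent it."""
    data = b"cmd=_notify-validate&" + raw_body
    with urlopen(PAYPAL_VERIFY_URL, data=data, timeout=30) as resp:
        return resp.read().strip() == b"VERIFIED"


def check_ipn(ipn: dict, seen_txn_ids: set, verified: bool) -> tuple:
    """Return (ok, reason). `verified` is the result of paypal_postback()."""
    if not verified:
        return False, "postback not VERIFIED"
    if ipn.get("payment_status") != "Completed":
        return False, "payment not completed"
    if ipn.get("receiver_email", "").lower() != RECEIVER_EMAIL:
        return False, "wrong receiver"
    if ipn.get("mc_currency") != CURRENCY:
        return False, "wrong currency"
    price = PRICES.get(ipn.get("item_number"))
    if price is None:
        return False, "unknown item"
    try:
        qty = int(ipn.get("quantity", "1"))
        gross = Decimal(ipn.get("mc_gross", ""))
    except (ValueError, InvalidOperation):
        return False, "malformed amount"
    # The 0.01 trick: the buyer edits the form amount, so compare with our own price.
    if qty < 1 or not gross.is_finite() or gross != price * qty:
        return False, "amount mismatch"
    txn = ipn.get("txn_id")
    if not txn or txn in seen_txn_ids:
        return False, "duplicate or missing txn_id"
    seen_txn_ids.add(txn)  # in production this would be a unique column in the database
    return True, "ok"
```

Credit the account only when `check_ipn` returns `(True, "ok")`, and run it against a sandbox account before going live, as suggested above.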