Possible client side security risk when calculating payment totals?
Last Post 05-30-2011 03:15 AM by Matt Bunce. 0 Replies.
Matt Bunce
05-30-2011 03:15 AM
    I have been looking at the various tutorials which focus on how to use PayPal integration (Hint - some of the links don't work, so I had to work out what the URL is meant to be).

    It seems that when calculating the total amount payable for a set of products and calculating a discount (based on a promo code) the calculation is done client side, with the total amount to be billed stored in a hidden field.

    Doesn't this present a risk of someone ordering many products, but overriding the total, by using Firebug or something similar, to update the hidden value to "$1" and then proceeding to PayPal? The PayPal transaction would complete successfully, leading to the payment confirmed events to be processed even if the amount paid has been hacked.

    Have I misunderstood how the client side calculation is being used, or is there a way to make this work securely?

    Thanks

    Matt
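
An added example, not part of the original post and not Data Springs' code: one server-side pattern for the risk raised above, where the total is recomputed from server-held prices and the amount PayPal reports is compared with it before the order is marked paid. The catalogue, promo code and function names are constructed for illustration; `payment_status`, `mc_gross` and `mc_currency` are PayPal IPN field names, and the notification is assumed to have been confirmed as genuine with PayPal beforehand.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Constructed sample data: server-side price list and promo codes.
CATALOG = {"WIDGET": Decimal("19.99"), "GADGET": Decimal("49.50")}
PROMO_CODES = {"SPRING10": Decimal("0.10")}  # fraction off the subtotal


def compute_order_total(cart, promo_code=None):
    """Recompute the amount due from server-side prices only.

    `cart` maps SKU -> quantity as submitted by the browser. Any total or
    discount value the browser sent is deliberately not an input here.
    """
    subtotal = Decimal("0")
    for sku, qty in cart.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown SKU: {sku!r}")
        if isinstance(qty, bool) or not isinstance(qty, int) or qty < 1:
            raise ValueError(f"invalid quantity for {sku!r}: {qty!r}")
        subtotal += CATALOG[sku] * qty
    # An unrecognised promo code simply earns no discount.
    discount = PROMO_CODES.get(promo_code, Decimal("0"))
    total = subtotal * (Decimal("1") - discount)
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)


def payment_matches_order(expected_total, expected_currency, notification):
    """Decide whether a payment notification may mark the order as paid.

    `notification` is the dict of IPN fields, assumed already validated
    as genuinely sent by PayPal (that step is outside this example).
    """
    if notification.get("payment_status") != "Completed":
        return False
    if notification.get("mc_currency") != expected_currency:
        return False
    try:
        paid = Decimal(notification.get("mc_gross", ""))
    except InvalidOperation:
        return False
    # Compare against the total stored with the order, never a form field.
    return paid == expected_total
```

The total returned by `compute_order_total` would be stored with the order when it is created, and the payment-confirmed processing would run only when `payment_matches_order` returns `True` for that stored value.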
    Copyright 2005 - 2011 by Data Springs, Inc.
     