#1
How do you SAFELY pass hidden variables through merchant account payment screens?

Hi everyone,

Please can you tell me how you prevent malicious manipulation of variables being passed through payment pages? I'm setting up a jobsboard and need to send hidden variables through the payment screen (including job title, body text etc). Then if the payment is successful the hidden variables will be used by a script in the 'thankyou page' to insert the job advert's details into the database.

My question is how do you stop people just sending variables directly to the 'thankyou page' (without paying) to cause malicious postings (eg. spam) or alternatively getting free postings.

Thanks for any thoughts you have!

Kind Regards,
Stewart
#2
Re: How do you SAFELY pass hidden variables through merchant account payment screens?

Homepage -> Payment page -> Posting page

Am I right? I assumed you already have your own form in the Payment page. Please use POST method instead of GET.

<form method=POST>

How do you accept payment?
#3
Re: How do you SAFELY pass hidden variables through merchant account payment screens?

You probably should use some type of database and variables so that the users cannot go to View source to see these hidden variables. You might also want to consider using one of those images that is generated on every page.
#4
Re: How do you SAFELY pass hidden variables through merchant account payment screens?

Thanks guys, interesting suggestions.

I've been researching this over the last few days and I think I'm going to use PayPal, as the problem is covered in their "PayPal order management integration" guide. Basically they send a confirmation code to your server, your server sends back a secret password to prevent fraud, and then PayPal sends another confirmation. Then you can assume the payment is legitimate and carry out the database operations as normal. All these checks are done in real time so it can be used within a real time system.

Note this guide isn't the standard "PayPal setup guide", which I think is rather misleading as I was initially under the impression that there was only one guide.

Stu
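An added example, not code from any poster in this thread or from PayPal: the draft advert is kept server-side, the payment form carries only an order id, the amount and an HMAC, and the advert is published once, only after the gateway's own confirmation. The function names, the in-memory dicts standing in for database tables, and the `gateway_verified` flag (standing in for whatever server-to-server check the chosen gateway provides) are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret that never appears in any form or page.
SECRET_KEY = secrets.token_bytes(32)
PENDING = {}    # order_id -> draft advert (stands in for a "pending" table)
PUBLISHED = {}  # order_id -> advert shown on the job board


def sign_order(order_id, amount_cents):
    """HMAC over the order id and the price the server expects."""
    msg = f"{order_id}|{amount_cents}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def create_order(title, body, amount_cents):
    """Store the advert server-side; return the only fields the form carries."""
    order_id = secrets.token_urlsafe(16)
    PENDING[order_id] = {"title": title, "body": body,
                         "amount_cents": amount_cents}
    return {"order_id": order_id, "amount_cents": amount_cents,
            "sig": sign_order(order_id, amount_cents)}


def handle_confirmation(order_id, sig, paid_cents, gateway_verified):
    """Publish a draft at most once, and only for a gateway-confirmed payment.

    gateway_verified is a hypothetical flag: the result of the gateway's
    server-to-server confirmation, never a value taken from the browser.
    """
    if not gateway_verified:
        return "rejected: not confirmed by gateway"
    draft = PENDING.get(order_id)
    if draft is None:
        return "rejected: unknown or already used order"
    expected = sign_order(order_id, draft["amount_cents"])
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "rejected: bad signature"
    if paid_cents != draft["amount_cents"]:
        return "rejected: amount mismatch"
    PUBLISHED[order_id] = PENDING.pop(order_id)  # pop makes replays fail
    return "published"
```

Because the title and body never leave the server, a request sent straight to the 'thankyou page' has nothing to inject and cannot reuse an order id that has already been published.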
#5
Re: How do you SAFELY pass hidden variables through merchant account payment screens?

All electronic payment gateways will send a response back to you. For example, LinkPoint gives you:

0097820000019564:YNAM:12345678901234567890123

The first 6 digits of this line (in this example, 009782) are the Approval number. The next 10 digits (0000019564) are the Reference number. The first three alphabetic characters in the middle (YNA) make up the AVS Code. This AVS code can help reduce chargebacks. The last alphabetic character in the middle (M) is a code indicating whether the card code matched the card-issuing bank's code.