Paypal IPN security

Posted by keithics on Stack Overflow See other posts from Stack Overflow or by keithics
Published on 2010-04-23T13:32:30Z Indexed on 2010/04/23 13:53 UTC
Read the original article Hit count: 312

Filed under:

paypal

|

php

Hello!

I am developing a website which will allow users to pay via Paypal.

Paypal IPN seems to be easy to integrate and it works on my localhost.

Now the problem is that, the amount and the business name are passed to paypal using POST Data.

I know it's very dangerous to put it that way, but I am not sure what are the alternatives.

How can I make Paypal IPN secure?

© Stack Overflow or respective owner

Related posts about paypal

paypal api - send money to any paypal account

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, is it possible to send money using paypal API to any paypal account (not just to API credentials owner). I know that it's possible to do that using IPN, but I need to use SOAP. many thanks >>> More
paypal sandbox to original paypal

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I used paypal sandbox to test my code and my ipn is working. but Now i need to go to original paypal account. My confusion is in sandbox we make buyers and sellers account. and we get [email protected] like seller account. is it needed in original account? if needed how to make it… >>> More
PayPal Cannot send value to paypal

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi PayPal IPN sends a notification to your script directly. Since the notification is coming from PayPal - NOT the customer that placed the order - My Login session doesn't exits this context .Therefore,all my login data doesn't exist in the session.I need my login session values to update my DB… >>> More
Paypal (sandbox) buy now link redirects to paypal (sandbox) login page instead of order summary

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Before going live I try to test the paypal process against the paypal sandbox mode, but after the summary of what the user is going to pay on my website(buy now button), the link does not redirect to a paypal summary of the prder but ask the user to connect to paypal. Even after logging into the… >>> More
Preserving case in HTTP headers with Ruby's Net:HTTP

as seen on Stack Overflow - Search for 'Stack Overflow'
Although the HTTP spec says that headers are case insensitive; Paypal, with their new adaptive payments API require their headers to be case-sensitive. Using the paypal adaptive payments extension for ActiveMerchant (http://github.com/lamp/paypal_adaptive_gateway) it seems that although the headers… >>> More

Related posts about php

Magento, NGINX, PHP-FPM, APC, MEMCACHED, 16gb Ram CentOS, Spiking PHP-FPM to 100% CPU

as seen on Server Fault - Search for 'Server Fault'
I have been trying to resolve my issue of spiking cpu caused by php-fpm processes. I've reduced the php-fpm config settings to: pm = ondemand pm.max_children = 12 pm.start_servers = 2 pm.min_spare_servers = 2 pm.max_spare_servers = 10 pm.max_requests = 500 php_admin_value[memory_limit] = 128M Problem… >>> More
PHP Pear Installation on CentOS

as seen on Server Fault - Search for 'Server Fault'
[root@ip ~]# yum install php-pear* Reducing CentOS-5 Testing to included packages only Finished Setting up Install Process Package 1:php-pear-1.8.1-2.el5.centos.noarch already installed and latest versio … >>> More
Apache configurations for php "AddType text/html php" or "AddType application/x-httpd-php php .php"

as seen on Server Fault - Search for 'Server Fault'
I am taking over an application server and discover that it contain the following settings: AddType text/html php Although it works, but my understanding is that it should set as following: AddType application/x-httpd-php php .php What are the key differences between the two settings?… >>> More
mod_rewrite settings causes server to throw HTTP 500 errors instead of 404

as seen on Server Fault - Search for 'Server Fault'
Hello. I have a server with VBulletin forum (working under Apache 2.2, CentOS). The default settings for it in .htaccess are as follows: RewriteEngine on RewriteCond %{HTTP_HOST} ^gsmforum\.ru RewriteRule (.*) http://www.gsmforum.ru/$1 [R=301,L] # If you are having problems or are using VirtualDocumentRoot… >>> More
Problems installing Memcache (PECL extension)

as seen on Server Fault - Search for 'Server Fault'
I have installed memcached fine, and now I will need to install PECL extension memcache. Im running RedHat x86_64 es5. The installation gives me this: downloading memcache-2.2.6.tgz ... Starting to download memcache-2.2.6.tgz (35,957 bytes) ..........done: 35,957 bytes 11 source files, building running:… >>> More