Preventing Spoofing with Paypal

Posted by wcpro on Stack Overflow See other posts from Stack Overflow or by wcpro
Published on 2010-06-14T03:30:05Z Indexed on 2010/06/14 3:42 UTC
Read the original article Hit count: 229

Filed under:

ASP.NET

|

paypal

I have a scenario where i need to have a user checkout through PayPal and then once we receive the payment then we create a membership record in our membership site. The PayPal requires a "return" field when you submit the form button that will take the user back to our page once the order has been successfully processed. On that page is where we actually track the sale and fire a chunk of javascript to track the sale.

So my question is this, how can i make sure that the return page comes from PayPal and is not spoofed by a user in the system. I know there is a way to use the notify_url to have PayPal post back to our system, but in this case i have to run a chunk of javascript. Is there an easy way to do this, or would i have to write some looping/timeout function that checks to see if the notify post has come through?

Im using .net to do the posting to paypal

© Stack Overflow or respective owner

Related posts about ASP.NET

Migrating ASP.NET MVC 1.0 applications to ASP.NET MVC 2 RTM

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Note: ASP.NET MVC 2 RTM isn’t yet released! But this tool will help you get your ASP.NET MVC 1.0 applications ready for when it is! I have updated the MVC App Converter to convert projects from ASP.NET MVC 1.0 to ASP.NET MVC 2 RTM. This should be last the last major change to the MVC App Converter… >>> More
April 14th Links: ASP.NET, ASP.NET MVC, ASP.NET Web API and Visual Studio

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
Here is the latest in my link-listing blog series: ASP.NET Easily overlooked features in VS 11 Express for Web: Good post by Scott Hanselman that highlights a bunch of easily overlooked improvements that are coming to VS 11 (and specifically the free express editions) for web development: unit… >>> More
Use ASP.NET 4 Browser Definitions with ASP.NET 3.5

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
We updated the browser definitions files included with ASP.NET 4 to include information on recent browsers and devices such as Google Chrome and the iPhone. You can use these browser definition files with earlier versions of ASP.NET such as ASP.NET 3 Read More......(read more) >>> More
ASP.NET webforms + ASP.NET Ajax versus ASP.NET MVC and Ajax framework freedom

as seen on Stack Overflow - Search for 'Stack Overflow'
If given the choice, which path would you take? ASP.NET Webforms + ASP.NET AJAX or ASP.NET MVC + JavaScript Framework of your Choice Are there any limitations that ASP.NET Webforms / ASP.NET AJAX has vis-a-vis MVC? >>> More
ASP.NET MVC 2 Released

as seen on ASP.net Weblogs - Search for 'ASP.net Weblogs'
I’m happy to announce that the final release of ASP.NET MVC 2 is now available for VS 2008/Visual Web Developer 2008 Express with ASP.NET 3.5. You can download and install it from the following locations: Download ASP.NET MVC 2 using the Microsoft Web Platform Installer Download… >>> More

Related posts about paypal

paypal api - send money to any paypal account

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, is it possible to send money using paypal API to any paypal account (not just to API credentials owner). I know that it's possible to do that using IPN, but I need to use SOAP. many thanks >>> More
paypal sandbox to original paypal

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I used paypal sandbox to test my code and my ipn is working. but Now i need to go to original paypal account. My confusion is in sandbox we make buyers and sellers account. and we get [email protected] like seller account. is it needed in original account? if needed how to make it… >>> More
PayPal Cannot send value to paypal

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi PayPal IPN sends a notification to your script directly. Since the notification is coming from PayPal - NOT the customer that placed the order - My Login session doesn't exits this context .Therefore,all my login data doesn't exist in the session.I need my login session values to update my DB… >>> More
Paypal (sandbox) buy now link redirects to paypal (sandbox) login page instead of order summary

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, Before going live I try to test the paypal process against the paypal sandbox mode, but after the summary of what the user is going to pay on my website(buy now button), the link does not redirect to a paypal summary of the prder but ask the user to connect to paypal. Even after logging into the… >>> More
Preserving case in HTTP headers with Ruby's Net:HTTP

as seen on Stack Overflow - Search for 'Stack Overflow'
Although the HTTP spec says that headers are case insensitive; Paypal, with their new adaptive payments API require their headers to be case-sensitive. Using the paypal adaptive payments extension for ActiveMerchant (http://github.com/lamp/paypal_adaptive_gateway) it seems that although the headers… >>> More