angularjs-cart

Security of price

Open phoenix741 opened this issue 12 years ago • 1 comments

Hi,

I have a little question about security. What about an unsure user? For any processing executed on the client side, we can't trust the user. The user can change the executed JavaScript with the help of a Greasemonkey script or manually. So if all the processing is done by the client, the client can change the price before sending it to PayPal.

How can this case be resolved without calling PayPal from the server side?

phoenix741, Nov 04 '13 13:11

Because of the way PayPal's "Payflow Link" works, you can't prevent the attack you described because your form posts the price info to PayPal's server. You do get a confirmation# back from PayPal though, so you can save the final amount and order info on your web site and then verify the order amount is correct and reject it when you get the confirmation# back from PayPal.

kenyee, Nov 09 '13 13:11
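The check described in the reply above, sketched as server-side JavaScript. This is an added example, not part of the original thread and not angularjs-cart or PayPal code. The catalog, the in-memory store and the field names `orderId`, `amount` and `confirmation` are hypothetical, and it assumes the values passed to `verifyConfirmation` are what PayPal reported.

```javascript
// Hypothetical server-side catalog (constructed sample data), prices in cents.
const PRICES_CENTS = new Map([["sku-apple", 199], ["sku-melon", 450]]);
const orders = new Map(); // orderId -> { totalCents, status, confirmation }
let nextId = 1;

// Save the expected total before the browser posts to PayPal. Only sku and
// quantity are read from the cart; any price the client sends is ignored.
function createOrder(cartItems) {
  let totalCents = 0;
  for (const { sku, quantity } of cartItems) {
    const unitCents = PRICES_CENTS.get(sku);
    if (unitCents === undefined) throw new Error(`unknown sku: ${sku}`);
    if (!Number.isInteger(quantity) || quantity < 1) throw new Error("bad quantity");
    totalCents += unitCents * quantity;
  }
  const orderId = `order-${nextId++}`;
  orders.set(orderId, { totalCents, status: "pending", confirmation: null });
  return orderId;
}

// Strictly parse an amount such as "8.48" into integer cents, so the
// comparison below never relies on floating-point equality.
function parseCents(text) {
  const m = /^(\d+)\.(\d{2})$/.exec(String(text));
  return m ? Number(m[1]) * 100 + Number(m[2]) : null;
}

// Called when the confirmation comes back: accept the order only if the
// amount paid equals the total saved on the server, otherwise reject it.
function verifyConfirmation({ orderId, amount, confirmation }) {
  const order = orders.get(orderId);
  if (!order) return { ok: false, reason: "unknown order" };
  if (order.status !== "pending") return { ok: false, reason: "already processed" };
  if (!confirmation) return { ok: false, reason: "missing confirmation" };
  if (parseCents(amount) !== order.totalCents) {
    order.status = "rejected"; // price was changed on the client, or amount malformed
    return { ok: false, reason: "amount mismatch" };
  }
  order.status = "paid";
  order.confirmation = confirmation;
  return { ok: true, reason: "paid" };
}
```
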