I am atempting to configure/setup ubercart on my site and as I am working through the Paypal configuration I cane accross the Paypal Encrypted Web-site Payments option.
Is this supported in ubercart? If so how do you configure?
Support for PayPal Encrypted Payments
|
|
Might need to hit us up w/ a link... if you're talking about Website Payments Pro, then you just have to enable/setup the Credit Card module per the documentation and then enable and configure the PayPal module along with WPP.
Thanks for responding.
I am just using the webpayments standard. However in the profile settings on the paypal site there is an option to enable encrypted data transfers from the server to paypal. Just another security layer.
I cannot give a link since it is in my paypal account, basically I am wondering if ubercart supports this feature.
See the attached jpg file for a screen from paypal.
| Attachment | Size |
|---|---|
| paypal.jpg | 63.51 KB |
I'm pretty sure that what you're asking about is irrelevant for Ubercart.
PayPal lets you simply add buttons to your site (in the form of an HTML snippet) which, when pressed, pass payment data to the PayPal. The problem is that this HTML is cleartext, so a devious user could look at your source, modify it, and make a post by hand to the PayPal server. This is a way to set your own price/shipping cost for products sold via PayPal buttons! From a merchant's point of view, this is fairly easy to detect - you just have to be familiar with your own prices and shipping costs to notice that someone has change them, OR, you just have to validate the IPN notification. PayPal seems to now allow an additional step of encrypting the data sent to PayPal, to make it harder to subvert this process.
However, none of that applies to Ubercart, since Ubercart does not use this button method to pass order details to PayPal.
For websites with alot of transactions, ive always wondering how business owners can handle it.
Copying and pasting button code like this is of course very hard and unrealstic for a cart-based website, but it does solve people problem of people who are smart enough to change transaction info. The 2 solutions i see are to check after IPN submits order details, to make sure all the items they ordered adds up to the price the system should be, or encrypt the button code (via paypal's copy and paste button code, or SSL on your website to encrypt the transaction with your public key you sent to paypal).
I was not sure whether this can be done after clicking a Submit Order button, and doable on large scale cart-based websites. If so, that would be cool, cuase you wouldnt have to check each order for accuracy in case someone submitted their own code to paypal.
This is what the OP is asking about.
https://www.paypal.com/us/cgi-bin/webscr?cmd=p/xcl/rec/setup-help-pop#en...
UC does not use Paypal buttons. But the OP wants to know if you use Paypal Standard, is the data encrypted between UC and Paypal?
Cheers,
Mitch
|
|
Joined: 01/25/2008