Page 1 of 1
Urgent : Problem with Web Developer Add-ons
Posted: Wed Oct 21, 2009 7:33 am
by arulkumar
Actual process : We are doing some javascript calculation and stored in hidden fields then send to the payment process.
Problem is : hackers are changed the hidden field values using the Mozilla Firefox Web Developer add-ons(Forms->Display Form Fields) and do the payments
There is any way to resolve this option?
Please replay ASAP.....
Thanks in advance
Re: Urgent : Problem with Web Developer Add-ons
Posted: Wed Oct 21, 2009 9:32 am
by jackpf
Don't save them in hidden fields maybe?

Re: Urgent : Problem with Web Developer Add-ons
Posted: Wed Oct 21, 2009 9:59 am
by pickle
Never, ever, EVER, trust anything a user gives you. Especially don't count on Javascript to execute properly. The Javascript should only be there to improve the user interface - for giving the user immediate feedback without needing a page load. You should always be doing the calculations server-side as well.
Re: Urgent : Problem with Web Developer Add-ons
Posted: Thu Oct 22, 2009 8:30 am
by arulkumar
Thanks for your valuable reply ....
Another Problem is : I am sending the values to payapl through hidden field only ...... so they can change the values
they is any other way to send the parameters to paypal ?
Re: Urgent : Problem with Web Developer Add-ons
Posted: Fri Oct 23, 2009 9:19 am
by TheOnly92
Use cURL. It's definitely not good to send confidential information from the client side.
Re: Urgent : Problem with Web Developer Add-ons
Posted: Sat Oct 24, 2009 5:34 am
by kaisellgren
arulkumar wrote:Thanks for your valuable reply ....
Another Problem is : I am sending the values to payapl through hidden field only ...... so they can change the values
they is any other way to send the parameters to paypal ?
PayPal's IPN or the other service (what ever it was called) will send you the details about the transaction, when they arrive, you need to recalculate and make a comparison to see whether the payment was fraudulent or not.
Re: Urgent : Problem with Web Developer Add-ons
Posted: Thu Nov 05, 2009 6:09 am
by arulkumar
Thanks for your help...
I have fixed the issue....