Page 1 of 1

Urgent : Problem with Web Developer Add-ons

Posted: Wed Oct 21, 2009 7:33 am
by arulkumar
Actual process : We are doing some javascript calculation and stored in hidden fields then send to the payment process.

Problem is : hackers are changed the hidden field values using the Mozilla Firefox Web Developer add-ons(Forms->Display Form Fields) and do the payments


There is any way to resolve this option?

Please replay ASAP.....

Thanks in advance

Re: Urgent : Problem with Web Developer Add-ons

Posted: Wed Oct 21, 2009 9:32 am
by jackpf
Don't save them in hidden fields maybe? :?

Re: Urgent : Problem with Web Developer Add-ons

Posted: Wed Oct 21, 2009 9:59 am
by pickle
Never, ever, EVER, trust anything a user gives you. Especially don't count on Javascript to execute properly. The Javascript should only be there to improve the user interface - for giving the user immediate feedback without needing a page load. You should always be doing the calculations server-side as well.

Re: Urgent : Problem with Web Developer Add-ons

Posted: Thu Oct 22, 2009 8:30 am
by arulkumar
Thanks for your valuable reply ....

Another Problem is : I am sending the values to payapl through hidden field only ...... so they can change the values

they is any other way to send the parameters to paypal ?

Re: Urgent : Problem with Web Developer Add-ons

Posted: Fri Oct 23, 2009 9:19 am
by TheOnly92
Use cURL. It's definitely not good to send confidential information from the client side.

Re: Urgent : Problem with Web Developer Add-ons

Posted: Sat Oct 24, 2009 5:34 am
by kaisellgren
arulkumar wrote:Thanks for your valuable reply ....

Another Problem is : I am sending the values to payapl through hidden field only ...... so they can change the values

they is any other way to send the parameters to paypal ?
PayPal's IPN or the other service (what ever it was called) will send you the details about the transaction, when they arrive, you need to recalculate and make a comparison to see whether the payment was fraudulent or not.

Re: Urgent : Problem with Web Developer Add-ons

Posted: Thu Nov 05, 2009 6:09 am
by arulkumar
Thanks for your help...

I have fixed the issue....