After researching the issue it seems API credentials are needed for paypal express, not paypal standard. I can't install openssl nor create a key so I'm giving up for now and will just manually check that the payment amount and item price do match.
Latest News: (loading..)
0
28 replies to this topic
#22
Posted 23 June 2012 - 03:39 PM
@Biancoblu
I have used openssl to generate public and private keys, downloaded the paypal public key etc.
Like you, what I am missing is where to upload these to on the server.... Is it simply a case of creating a new directory, adding these to it and then calling them up from the paypal module in admin? or do I need to install some of the openssl files as well?
I have used openssl to generate public and private keys, downloaded the paypal public key etc.
Like you, what I am missing is where to upload these to on the server.... Is it simply a case of creating a new directory, adding these to it and then calling them up from the paypal module in admin? or do I need to install some of the openssl files as well?
Now my store is the way I want it - Secure, working well, and good Google Ranks - Thanks to all for the help given.
If you want to see the mods I have installed, then see my profile.
If you want to see the mods I have installed, then see my profile.
#23
Posted 23 June 2012 - 04:20 PM
OK - it is now done 
) and confirmed that the hidden fields are encripted and paypal IPN still works!
If I have time later I will document the steps to do this.
Thanks
) and confirmed that the hidden fields are encripted and paypal IPN still works!If I have time later I will document the steps to do this.
Thanks
Edited by Mort-lemur, 23 June 2012 - 04:20 PM.
Now my store is the way I want it - Secure, working well, and good Google Ranks - Thanks to all for the help given.
If you want to see the mods I have installed, then see my profile.
If you want to see the mods I have installed, then see my profile.
#24
Posted 23 June 2012 - 06:51 PM
OK all of my sites are now secure against this potential exploit, all tested, and trial purchases made.
I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?
Or if nobody is interested I wont bother
Thanks
I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?
Or if nobody is interested I wont bother
Thanks
Edited by Mort-lemur, 23 June 2012 - 06:52 PM.
Now my store is the way I want it - Secure, working well, and good Google Ranks - Thanks to all for the help given.
If you want to see the mods I have installed, then see my profile.
If you want to see the mods I have installed, then see my profile.
#25
altoid
-
- Community Sponsor
-
- 763 posts
- Real Name:Steve
- Gender:Male
- Location:Hollidaysburg, Pennsylvania
Posted 23 June 2012 - 08:16 PM
Mort-lemur, on 23 June 2012 - 06:51 PM, said:
OK all of my sites are now secure against this potential exploit, all tested, and trial purchases made.
I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?
Or if nobody is interested I wont bother
Thanks
I would like to post the exact steps to achieve this - does anyone think it would be worthwhile doing that in a new thread or even as a contribution?
Or if nobody is interested I wont bother
Thanks
I use PP IPN on four sites, so I am interested. I looked at openssl, and that for me is a bit of a learning curve as well, but I'll tackle it. Thanks
I am not a professional webmaster or PHP coder by background or training but I will try to help as best I can.
I remember what it was like when I first started with osC. It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce. Look around, you'll figure out who they are.
I remember what it was like when I first started with osC. It can be overwhelming.
However, I strongly recommend considering hiring a professional for extensive site modifications, site cleaning, etc.
There are several good pros here on osCommerce. Look around, you'll figure out who they are.
#26 ONLINE
burt
-
- Community Team
- 7,871 posts
Code Monkey
- Real Name:G Burton
- Gender:Male
- Location:UK/DEV/on
Posted 23 June 2012 - 09:15 PM
Basically upload the certificates to anywhere on your webhosting and link to them in the input boxes (like it does the openssl input box)...
Should be fairly straightfoward, and would make a good thread Heather, thanks. Or just add to this thread
Should be fairly straightfoward, and would make a good thread Heather, thanks. Or just add to this thread
Dummies guide to designing osCommerce 2.3 Click Me
Or maybe a ready made theme for your shop ??
Warning: My posts may contain Horsemeat.
Or maybe a ready made theme for your shop ??
Warning: My posts may contain Horsemeat.
#28
Posted 23 June 2012 - 09:27 PM
Started a new thread - not quite simple, but quite straightforward
Now my store is the way I want it - Secure, working well, and good Google Ranks - Thanks to all for the help given.
If you want to see the mods I have installed, then see my profile.
If you want to see the mods I have installed, then see my profile.
#29
Posted 15 August 2012 - 03:36 AM
good instruction here!
http://forums.oscommerce.com/topic/387748-closing-the-paypal-checkout-confirmation-exploit/
http://forums.oscommerce.com/topic/387748-closing-the-paypal-checkout-confirmation-exploit/
