
Encryption / obfuscation of form variables

Hi,

I mainly use PayPal for eCommerce, but one of the features which I don't
like is the fact that you pass shopping cart data to their payment gateway
by means of hidden form variables, e.g.

<form id=paypal>
<input type="hidden" name="business" value="pa****@markrae.com">
<!--other hidden fields representing the items in the shopping cart-->
</form>

Although I generate the client-side form tag dynamically server-side, I'm
still not happy about these form variables being human-readable. The main
problem, apart from spamming of course, is that someone could easily click
View Source, copy and paste the form tag and all its contents into a new web
page, change the prices of the items in the cart, and submit the form.

Of course, I do verify all purchases before the goods are dispatched so I do
prevent fraud in that way but, assuming that "prevention is better than
cure", I'd infinitely prefer not to give potential fraudsters the ability
to hack my View Source contents.

I've looked at some so-called "encryption" options which are, frankly,
rubbish: http://www.dynamicdrive.com/dynamicindex9/encrypter.htm is a case
in point. That doesn't encrypt anything, it just escapes the text!

Other sites (e.g. http://automaticlabs.com/products/enkoder) provide much
better encryption, but they don't support dynamic interaction. I'm looking
for a solution which will allow me to create the <form> tag dynamically,
then encrypt it in real-time.

PayPal do have a webservice-based gateway, but that's available only to US
account holders at the moment. As soon as that's available to UK account
holders, then all of the above will be academic.

However, in the meantime, I'd be grateful to know of any decent client-side
encryption techniques which fit within an ASP.NET solution.

Any assistance gratefully received.

Mark
Nov 20 '05 #1
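
An added example, not part of the original post: the purchase verification the post mentions, written as a server-side C# check that compares what was actually paid against the order saved when the form was generated, so a copied form with edited prices is held rather than dispatched. The `Order` and `ReportedPayment` types, their field names and the sample values are hypothetical, and it assumes the payment details reach the server from the payment provider rather than from the browser.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; not PayPal's API and not the poster's code.
public sealed record Order(string OrderId, string Business, string Currency, decimal Total);
public sealed record ReportedPayment(string OrderId, string Business, string Currency, decimal Amount);

public static class OrderVerifier
{
    // Server-side record written when the form is generated; the browser never owns it.
    private static readonly Dictionary<string, Order> Orders = new();

    public static void Save(Order order) => Orders[order.OrderId] = order;

    // Returns the list of mismatches; an empty list means the payment matches the order.
    public static List<string> Check(ReportedPayment p)
    {
        var problems = new List<string>();
        if (!Orders.TryGetValue(p.OrderId, out var o))
        {
            problems.Add("unknown order id");
            return problems;
        }
        if (!string.Equals(p.Business, o.Business, StringComparison.OrdinalIgnoreCase))
            problems.Add("payment went to a different business account");
        if (!string.Equals(p.Currency, o.Currency, StringComparison.Ordinal))
            problems.Add($"currency {p.Currency}, expected {o.Currency}");
        if (p.Amount != o.Total)
            problems.Add($"amount {p.Amount}, expected {o.Total}");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample data.
        Save(new Order("ORD-1001", "shop@example.com", "GBP", 49.98m));

        var genuine  = new ReportedPayment("ORD-1001", "shop@example.com", "GBP", 49.98m);
        var tampered = new ReportedPayment("ORD-1001", "shop@example.com", "GBP", 0.02m);

        Console.WriteLine(Check(genuine).Count == 0 ? "genuine: dispatch" : "genuine: hold");
        foreach (var problem in Check(tampered))
            Console.WriteLine("tampered: hold, " + problem);
    }
}
```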