Hi Jaace,
Yes, this could certainly be hacked by anyone worth his mettle. However, this is kind of a problem with HTML forms in general: you can never truly know WHERE they're coming from.
There are certainly ways to improve it: e.g. creating a CURL POST request on the server and submitting it to PayPal - this way you'll know that the data being sent from your site is exactly as you'd expect. But even that's not failsafe: a hacker could view the requests being sent and emulate it themselves, tweaking the POST values. The bottom line is that NO request sent via http is secure - it can always be mocked.
The PayPal integration zipfile that you're working from was actually just based on a library from PayPal themselves. I tweaked it to simplify a few things, but it hasn't actually been changed that much. No, it's not great: relying on the JS submit, for example, is pretty crummy; generating a bunch of hidden form fields is again, not great. But in essence, this is how most PayPal integrations work.
So all in all, I wouldn't worry too much. A dedicated hacker will always be able to put through a payment with invalid values. You have to be vigilant on the administrative front to check payments to ensure they're valid. Sucks, but there you go.
How's your PayPal integration going, by the way? I wish I had more time! This week I've been reading about your problems you've posted and felt bad I don't have time to respond. But if you're stuck on anything this weekend and need a lending hand, email me at ben.keen@gmail.com and I'll see if I can help out. I'm around most weekends.
- Ben
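As an added example (not from Ben's reply and not part of the PayPal integration zipfile he describes), here is the "check payments to ensure they're valid" step as server-side code: the amount, currency and receiver reported for a payment are compared against the order record the server itself stored when it rendered the form, so a hidden field that was altered before submission shows up as a mismatch instead of a fulfilled order. The field names follow PayPal's IPN variables (mc_gross, mc_currency, receiver_email, payment_status, invoice, txn_id), which is an assumption since the post does not say which notification format the integration uses; the order records, the merchant address and the sample notifications are all constructed.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample data: the orders the server recorded when it rendered
# each form. This is the only trustworthy copy of price and currency; the
# hidden form fields that went to PayPal are never trusted again.
EXPECTED_ORDERS = {
    "order-1001": {"amount": Decimal("49.99"), "currency": "USD"},
    "order-1002": {"amount": Decimal("5.00"), "currency": "USD"},
}

# Assumption: the merchant's own PayPal receiver address.
RECEIVER_EMAIL = "merchant@example.com"


def reconcile_payment(notification, expected_orders=EXPECTED_ORDERS,
                      receiver_email=RECEIVER_EMAIL, seen_txns=None):
    """Compare a payment notification against the server's own order record.

    Returns a list of mismatches; an empty list means the payment matches
    what the server expected and the order can be fulfilled. Nothing here
    trusts the amount or currency that arrived with the notification itself.
    """
    problems = []
    order_id = notification.get("invoice")
    expected = expected_orders.get(order_id)
    if expected is None:
        return [f"unknown order id {order_id!r}"]

    # Replayed notifications: the same txn_id must not fulfil an order twice.
    txn_id = notification.get("txn_id")
    if seen_txns is not None:
        if txn_id in seen_txns:
            problems.append(f"duplicate txn_id {txn_id!r}")
        else:
            seen_txns.add(txn_id)

    status = notification.get("payment_status")
    if status != "Completed":
        problems.append(f"payment_status is {status!r}, not Completed")

    # A tampered "business" field would show up here as a foreign receiver.
    reported_receiver = (notification.get("receiver_email") or "").lower()
    if reported_receiver != receiver_email.lower():
        problems.append(
            f"receiver_email {notification.get('receiver_email')!r} is not ours")

    if notification.get("mc_currency") != expected["currency"]:
        problems.append(
            f"currency {notification.get('mc_currency')!r} != {expected['currency']}")

    # Decimal, not float, so 49.99 compares exactly.
    try:
        paid = Decimal(str(notification.get("mc_gross", "")))
    except InvalidOperation:
        problems.append(f"unparseable amount {notification.get('mc_gross')!r}")
    else:
        if paid != expected["amount"]:
            problems.append(f"amount {paid} != expected {expected['amount']}")

    return problems


# Constructed notifications: one genuine, two with hidden fields altered.
GENUINE = {
    "invoice": "order-1001", "txn_id": "TXN-A1", "payment_status": "Completed",
    "receiver_email": "merchant@example.com", "mc_currency": "USD",
    "mc_gross": "49.99",
}
# Same order, but the amount field was lowered before the form was submitted.
TAMPERED_AMOUNT = dict(GENUINE, txn_id="TXN-A2", mc_gross="0.01")
# Same order, but the payment was redirected to a different receiver account.
TAMPERED_RECEIVER = dict(GENUINE, txn_id="TXN-A3",
                         receiver_email="other-account@example.com")


def demo():
    """Run the three constructed notifications through the check."""
    seen = set()
    return {
        "genuine": reconcile_payment(GENUINE, seen_txns=seen),
        "tampered_amount": reconcile_payment(TAMPERED_AMOUNT, seen_txns=seen),
        "tampered_receiver": reconcile_payment(TAMPERED_RECEIVER, seen_txns=seen),
        "replayed": reconcile_payment(GENUINE, seen_txns=seen),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'OK' if not result else result}")
```

The point is the direction of trust: the server compares what PayPal says was paid against what it already knows the order should cost, and only fulfils on an empty mismatch list. Whatever a visitor did to the hidden fields on the way to PayPal, the altered values can only produce a mismatch here, which is what the administrative check in the post is meant to catch.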