[pmwiki-users] Paypal buttons

Russ pmwiki at russhosting.com
Thu Jul 14 09:42:09 CDT 2011

Hi Hans,

Yes, If the code in unencrypted, you can see the price and description 
fields in the HTML source code ... all someone would have to do is 
copy/paste the form code for the button, then submit the form with 
whatever price they choose.  For physical products or low-risk 
transactions, you're fine from a practical perspective.  For digital 
(instant) downloads or high-risk activities (selling high value 
electronics, etc.), though, you definitely want to use PayPal's 
encrypted buttons.  As long as the store owner will be diligent when 
reviewing and processing orders, worst case is the inconvenience of 
having to refund and cancel any orders where the payment doesn't match 
the price.

However, another important piece of information in the unencrypted 
PayPal button code is the vendor email address they use with their 
PayPal ... that email address will get scraped by spambots and opens the 
door for hackers / phishers.


On 14/07/2011 3:35 AM, Hans wrote:
> Does it mean a customer can submit a payment (to Paypal) for an item with
> a changed price? I can see that this may not be noticed by the seller
> if he does not verify the amount paid to what is really asked.

More information about the pmwiki-users mailing list