They can mimic the page even if you obscure the button code and variables.
Someday people will realize that phishing, redirects, cross-site scripting etc. are problems of authenticity, not
encryption. Anyone can get a site certificate and mimic your site. That includes an "EV" certificate that produces a
green address window. And anyone can get a payment button for their site.
deep sky wrote:
The variables in the html code can be viewed and someone can mimic the
page and change the price and stuffs.
On Jan 9, 2008 5:01 PM, Wes Kussmaul <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
Why?
What is revealed?
deep sky wrote:
> The add to cart Button codes are in html and can be viewed by
everyone.
> so, I need to encrypt them.
>
> On Jan 8, 2008 2:30 PM, Wes Kussmaul <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
> <mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>> wrote:
>
> deep sky wrote:
> > Can you elaborate a little bit more cause I'm totally new
to this
> > openssl. I'm doing this to create encryptions for my
paypal buttons
>
>
> You shouldn't need to do that. If you used PayPal's button
> generating facility, the resulting button sets up a tunnel
> between your customer's browser and PayPal.
>
--
Wes Kussmaul
CIO
The Village Group
738 Main Street
Waltham, MA 02451
781-647-7178
The information contained in this electronic message and any
attachments to this message are intended for the exclusive
use of the addressee(s) and may contain confidential or privileged
information. If you are not the intended recipient,
please notify attorney Mort Hapless at Vulner, Exposed & Wideopen
LLP immediately at either (781) 647-7178, or at
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>, and destroy all copies of
this message and any attachments. No, really. Really. Listen, we
mean it! Hey,
if you don't stop reading that confidential stuff about our client
you're in big trouble. OK, we're the ones in trouble
but we'll find a way to go after you, or at least we think we may be
able to. Look, we're begging you. Just click the
delete button and move on to a message that concerns you, OK?
Please?? We'll buy you lunch...
Identity is the Foundation of Security™. Let Authentrus
(authentrus.com <http://authentrus.com>) ensure that only intended
recipients receive
your confidential messages.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List
openssl-users@openssl.org <mailto:openssl-users@openssl.org>
Automated List Manager
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
