0 votes

I am trying to implement a 'Pay Now' button on my website for the first time. I have designed my own customer information, and just want to pass cart contents and total to PayPal for payment processing. I am completely new to this, so please be gentle :D! I am leaning toward a simple Payment Standard HTML form, which I can customize through PHP. No problem there. I have an SSL certificate through my web host.

My question is how or even whether I should go about encrypting the individual form name/value pair fields. Obviously, I don't want a hacker to be able to alter or re-direct any of the payment process. Does the SSL take care of this so that I don't need to worry? If so, how do I properly implement my SSL certificate in my data transfer with PayPal? If not, then how do I approach encrypting my button data (as PayPal seems to recommend)?

I was also thinking of having my purchase button link to a page with a form that auto submits on opening so that source code cannot be easily snooped... thoughts?

I know this is a big can of worms, but appreciate the expertise of everyone here in sharing their thoughts!! Thank you in advance :)

1
SSL protects the network traffic against eavesdropping and modification (but not necessarily replay). Ideally one would just hand the information over to the Payment Processor (e.g. PayPal) and not need to "store" it locally. However, I wonder how this PayPal "button data" works .. have a resource/URL to such recommendations?
user2864740

1 Answer

0 votes

I don't know what you mean by "individual form name/value pair". Just follow the PayPal API guide. They aren't going to have you send any sensitive data to them; they handle it all on their site. Serving the button on an encrypted page (SSL/TLS) does prevent some security risks, but the whole idea of an auto-submitting page is a complete waste of time.