Search Results

Search found 1112 results on 45 pages for 'paypal sandbox'.

Page 14/45 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • sandboxed web parts inside SharePoint 2010

    - by vrajaraman
    Is it possible to develop a web part in ASP.NET (framework 2.0) that has a sandbox architecture, and deploy those web parts inside SharePoint 2010 and/or MOSS 2007? We do not want to use any SharePoint dll reference with the web parts we develop. We refer to the URL http://msdn.microsoft.com/en-us/library/ee539417.aspx (section "Web Parts in Sandboxed Solutions").


  • Firefox Add-on for Opening Pages in Separate "Sandboxes"

    - by cosmic.osmo
    Is there a Firefox add-on that will allow someone to easily open up a page in a new tab or window so it will not share cookies and other session information with other windows? Basically, I want to be able to run Facebook, GMail, Google Search, etc, in separate sandboxes using different accounts. I recall seeing a blog posting about an add-on that did this without forcing you to set up different Firefox profiles, but I can't remember where I saw it or what it was called.


  • Masspay and MySql

    - by Mike
    Hi, I am testing PayPal's MassPay using their 'MassPay NVP example' and I am having difficulty trying to amend the code so it inputs data from my MySQL database. Basically I have a user table in MySQL which contains email address, status of payment (paid, unpaid) and balance.

        CREATE TABLE `users` (
          `user_id` int(10) unsigned NOT NULL auto_increment,
          `email` varchar(100) collate latin1_general_ci NOT NULL,
          `status` enum('unpaid','paid') collate latin1_general_ci NOT NULL default 'unpaid',
          `balance` int(10) NOT NULL default '0',
          PRIMARY KEY (`user_id`)
        ) ENGINE=MyISAM AUTO_INCREMENT=6 DEFAULT CHARSET=latin1 COLLATE=latin1_general_ci

    Data:

        1  [email protected]  paid    100
        2  [email protected]  unpaid  11
        3  [email protected]  unpaid  20
        4  [email protected]  unpaid  1
        5  [email protected]  unpaid  20
        6  [email protected]  unpaid  15

    I then created a query which selects users with an unpaid balance of $10 and above:

        $conn = db_connect();
        $query = $conn->query("SELECT * from users WHERE balance >='10' AND status = ('unpaid')");

    What I would like is for each record returned from the query to populate the code below. Now the code which I believe I need to amend is as follows:

        for ($i = 0; $i < 3; $i++) {
            $receiverData = array(
                'receiverEmail' => "[email protected]",
                'amount' => "example_amount",
            );
            $receiversArray[$i] = $receiverData;
        }

    However I just can't get it to work. I have tried using mysqli_fetch_array and then replaced "[email protected]" with $row['email'] and "example_amount" with row['balance'] in various methods of coding, but it doesn't work. Also I need it to loop over however many rows were retrieved from the query, rather than the <3 in the for loop above.

    So the end result I am looking for is for the $nvpStr string to pass with something like this:

        $nvpStr = "&EMAILSUBJECT=test&RECEIVERTYPE=EmailAddress&CURRENCYCODE=USD&[email protected]&L_Amt=11&[email protected]&L_Amt=11&[email protected]&L_Amt=20&[email protected]&L_Amt=20&[email protected]&L_Amt=15";

    Thanks


  • Retrieve Records from paypal csv file

    - by Pankaj Khurana
    Hi, I want to retrieve all the records from the PayPal csv file where type='Payment Processed' and store them in a database table. It should be available in the following format: 'Heading':'Value'

    The format of the csv is:

        "Transaction ID","Reference Transaction ID","Date","Type","Subject","Item Number","Item Name","Invoice ID","Name","Email","Shipping Name","Shipping Address Line 1","Shipping Address Line 2","Shipping Address City","Shipping State/Province","Shipping Zip/Postal Code","Shipping Address Country","Shipping Method","Address Status","Contact Phone Number","Gross Amount","Receipt ID","Custom Field","Option 1 Name","Option 1 Value","Option 2 Name","Option 2 Value","Note","Auction Site","Auction User ID","Item URL","Auction Closing Date","Insurance Amount","Currency","Fees","Net Amount","Shipping & Handling Amount","Sales Tax Amount","To Email","Time","Time Zone"
        "1T","",5/5/2010 2:10:44 PM,"Payment Processed","CFP Self Study Kit","1","CFP Self Study Kit","","User1","[email protected]","","","","","","","","","N","","68.18","R1","","","","","","","","","",,"","USD","-2.62","65.56","0","0","[email protected]","01:40","Asia/Calcutta"
        "2T","",5/19/2010 4:04:08 PM,"Payment Processed","CFP Self Study Kit","1","CFP Self Study Kit","","User2","[email protected]","","","","","","","","","N","","68.18","R2","","","","","","","","","",,"","USD","-2.62","65.56","0","0","[email protected]","03:34","Asia/Calcutta"
        "3T","1RT",5/19/2010 5:28:45 PM,"Currency Conversion Completed","","","",""," ","","","","","","","","","","N","","17492.6","","","","","","","","","","",,"","INR","0","17492.6","0","0","","04:58","Asia/Calcutta"
        "4T","2RT",5/19/2010 5:28:45 PM,"Currency Conversion Completed","","","",""," ","","","","","","","","","","N","","-393.36","","","","","","","","","","",,"","USD","0","-393.36","0","0","","04:58","Asia/Calcutta"
        "5T","",5/19/2010 5:28:45 PM,"Transfer to Bank Initiated","P1006","","P1006",""," ","","","","","","","","","","N","","-17492.6","","","","","","","","","","",,"","INR","0","-17492.6","0","0","","04:58","Asia/Calcutta"
        "6T","",5/20/2010 5:38:02 PM,"Transfer to Bank Completed","P1006","","P1006",""," ","","","","","","","","","","N","","-17492.6","","","","","","","","","","",,"","INR","0","-17492.6","0","0","","05:08","Asia/Calcutta"
        "7T","",5/21/2010 12:32:37 PM,"Payment Processed","FP - LVC Plus","","FP - LVC Plus","","User3","[email protected]","User3","NEW DELHI","BEHIND KARNATAKA BANK LD","SOUTH","NEW DELHI","110023","IN","","N","","283.96","","","","","","","","","","",,"","USD","-9.95","274.01","0","0","[email protected]","00:02","Asia/Calcutta"
        "8T","",5/25/2010 4:40:48 PM,"Transfer to Bank Initiated","P1006","","P1006",""," ","","","","","","","","","","N","","-12569.85","","","","","","","","","","",,"","INR","0","-12569.85","0","0","","04:10","Asia/Calcutta"
        "9T","3RT",5/25/2010 4:40:48 PM,"Currency Conversion Completed","","","",""," ","","","","","","","","","","N","","-274.01","","","","","","","","","","",,"","USD","0","-274.01","0","0","","04:10","Asia/Calcutta"
        "10T","4RT",5/25/2010 4:40:48 PM,"Currency Conversion Completed","","","",""," ","","","","","","","","","","N","","12569.85","","","","","","","","","","",,"","INR","0","12569.85","0","0","","04:10","Asia/Calcutta"
        "11T","",5/26/2010 4:57:39 PM,"Transfer to Bank Completed","P1006","","P1006",""," ","","","","","","","","","","N","","-12569.85","","","","","","","","","","",,"","INR","0","-12569.85","0","0","","04:27","Asia/Calcutta"
        "Total","-247.05 USD","-15.19","-262.24"
        "Total","0.00 INR","0.00","0.00"

    Please help me on this. Thanks


  • Isolate user from the rest of the system..?

    - by Shiki
    There is a non-tech-savvy user, who doesn't want to learn, and can only use Windows XP or 7. The problem is that the computer which she would like to use is shared, and the computer stores sensitive, important data. Since she clicks on everything, it's quite a Russian roulette. How could I isolate her account from the rest of the system? Like having a profile on the computer (it runs Windows 7 now) which would have the files and other stuff sandboxed? I was thinking of having a dual boot system, but that could compromise the files too, or the boot sector (talking about Windows). Linux is not a way, hence ... see the first line. Is there such a software that can set up a sandboxed environment?


  • activemerchant PayPalExpress transaction is invalid

    - by Ameya Savale
    I am trying to integrate activemerchant into my Ruby on Rails application. This is my controller where I get the purchase attributes and create a PaypalExpressResponse object:

        def checkout
          total_as_cents, purchase_params = get_setup_params(Schedule.find(params[:schedule]), request)
          setup_response = @gateway.setup_purchase(total_as_cents, purchase_params)
          redirect_to @gateway.redirect_url_for(setup_response.token)
        end

    @gateway is my PaypalExpressGateway object, which I create using this method in my controller:

        def assign_gateway
          @gateway = PaypalExpressGateway.new(
            :login => api_user,
            :password => api_pass,
            :signature => api_signature
          )
        end

    I got the api_user, api_pass, and api_signature values from my developer.paypal.com account. When I logged in for the first time there was already a sandbox user created as a merchant, which is where I got the API credentials from. And finally here is my get_setup_params method:

        def get_setup_params(schedule, request)
          purchase_params = {
            :ip => request.remote_ip,
            :return_url => url_for(:action => 'review', :only_path => false, :sched => schedule.id),
            :cancel_return_url => register_path,
            :allow_note => true,
            :item => schedule.id
          }
          return to_cents(schedule.fee), purchase_params
        end

    However, when I click on the checkout button, I get redirected to a sandbox PayPal page saying "This transaction is invalid. Please return to the recipient's website to complete your transaction using their regular checkout flow." I'm not sure exactly what's wrong, I think the problem lies in the credentials but don't know why. Any help will be appreciated.

    One other point, I'm running this in my development environment so I have put this in my config file:

        config.after_initialize do
          ActiveMerchant::Billing::Base.mode = :test
        end

    UPDATE: Found out what the problem was, my return cancel url was invalid. Instead of using register_path, I used url_for(action: "action-name", :only_path => false). This answer helped me: Rails ActiveMerchant - Paypal Express Checkout Error, even though I wasn't able to see the output of the response like the person has managed to do.


  • Windows 64bit Sandboxing software alternatives

    - by Pacifika
    As you might know, sandboxing software doesn't work in 64bit Windows due to PatchGuard. What are the alternatives for a person looking to test untrusted / temporary software? Edit: @Nick I'd prefer an alternative to VMs as I'm not happy with the extended startup time, the extra login sequences and the memory overhead that accompanies booting a VM solution to test something out occasionally as a home user. Also it's another system that needs to be kept secure and up to date.


  • Sandboxed Javascript Execution in an Internet Explorer Extension (BHO)

    - by TelegramSam
    Firefox has the Sandbox and evalInSandbox(). Chrome has sandboxed execution in their content scripts (they call it isolated execution). I'm looking for the same thing in an IE browser extension. I can load a JavaScript file, then call evalScript(), but the code executes in the same environment as JavaScript that exists on the page. I need a way to run my library (which includes and is based on jQuery) in a sandboxed/isolated environment, but still allow it to modify the DOM as if it were running on the page. Jint looks promising, but cannot currently evaluate jQuery. (They can parse it.) How can I do this?


  • How can I try a new language or framework without installing it?

    - by flamingLogos
    With so many languages and frameworks that exist, and with new ones appearing all the time, I don't have the time to download, install, and configure each one to evaluate it. In the past I've run across webapps that allow one to write or paste code into a window, and see the results in realtime in the browser, usually in a tutorial setting. What are your favorite sandbox sites for a given technology? Edit: @fretj provided the link to the excellent Google Code Playground (+1 upvote), but I thought that it was just for experimenting with Google's own apps (Search, Maps, Earth, Language, etc). But it turns out that it contains a few hidden gems: In addition to their apps, you can try out the many Javascript libraries that they host including jQuery, jQuery UI, MooTools, Dojo, and Prototype Scriptaculous. They're all hidden under the Libraries category in the "Pick an API" box. I overlooked the category because I thought it was for an app called Google Libraries. There's also a Javascript category for Javascript itself.


  • .NET Security Part 4

    - by Simon Cooper
    Finally, in this series, I am going to cover some of the security issues that can trip you up when using sandboxed appdomains.

    DISCLAIMER: I am not a security expert, and this is by no means an exhaustive list. If you actually are writing security-critical code, then get a proper security audit of your code by a professional. The examples below are just illustrations of the sort of things that can go wrong.

    1. AppDomainSetup.ApplicationBase

    The most obvious one is the issue covered in the MSDN documentation on creating a sandbox, in step 3 – the sandboxed appdomain has the same ApplicationBase as the controlling appdomain. So let’s explore what happens when they are the same, and an exception is thrown. In the sandboxed assembly, Sandboxed.dll (IPlugin is an interface in a partially-trusted assembly, with a single MethodToDoThings on it):

        using System;
        using System.IO;
        using System.Linq;

        public class UntrustedPlugin : MarshalByRefObject, IPlugin
        {
            // implements IPlugin.MethodToDoThings()
            public void MethodToDoThings()
            {
                throw new EvilException();
            }
        }

        [Serializable]
        internal class EvilException : Exception
        {
            public override string ToString()
            {
                // show we have read access to C:\Windows
                // read the first 5 directories
                Console.WriteLine("Pwned! Mwuahahah!");
                foreach (var d in Directory.EnumerateDirectories(@"C:\Windows").Take(5))
                {
                    // EnumerateDirectories yields path strings
                    Console.WriteLine(d);
                }
                return base.ToString();
            }
        }

    And in the controlling assembly:

        using System;
        using System.Security;
        using System.Security.Permissions;

        // what can possibly go wrong?
        AppDomainSetup appDomainSetup = new AppDomainSetup
        {
            ApplicationBase = AppDomain.CurrentDomain.SetupInformation.ApplicationBase
        };

        // only grant permissions to execute
        // and to read the application base, nothing else
        PermissionSet restrictedPerms = new PermissionSet(PermissionState.None);
        restrictedPerms.AddPermission(
            new SecurityPermission(SecurityPermissionFlag.Execution));
        restrictedPerms.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.Read,
                appDomainSetup.ApplicationBase));
        restrictedPerms.AddPermission(
            new FileIOPermission(FileIOPermissionAccess.PathDiscovery,
                appDomainSetup.ApplicationBase));

        // create the sandbox
        AppDomain sandbox = AppDomain.CreateDomain("Sandbox", null, appDomainSetup, restrictedPerms);

        // execute UntrustedPlugin in the sandbox
        // don't crash the application if the sandbox throws an exception
        IPlugin o = (IPlugin)sandbox.CreateInstanceFromAndUnwrap("Sandboxed.dll", "UntrustedPlugin");
        try
        {
            o.MethodToDoThings();
        }
        catch (Exception e)
        {
            Console.WriteLine(e.ToString());
        }

    And the result? Oops. We’ve allowed a class that should be sandboxed to execute code with fully-trusted permissions! How did this happen? Well, the key is the exact meaning of the ApplicationBase property:

        The application base directory is where the assembly manager begins probing for assemblies.

    When EvilException is thrown, it propagates from the sandboxed appdomain into the controlling assembly’s appdomain (as it’s marked as Serializable). When the exception is deserialized, the CLR finds and loads the sandboxed dll into the fully-trusted appdomain. Since the controlling appdomain’s ApplicationBase directory contains the sandboxed assembly, the CLR finds and loads the assembly into a full-trust appdomain, and the evil code is executed.

    So the problem isn’t exactly that the sandboxed appdomain’s ApplicationBase is the same as the controlling appdomain’s, it’s that the sandboxed dll was in such a place that the controlling appdomain could find it as part of the standard assembly resolution mechanism. The sandbox then forced the assembly to load in the controlling appdomain by throwing a serializable exception that propagated outside the sandbox.

    The easiest fix for this is to keep the sandbox ApplicationBase well away from the ApplicationBase of the controlling appdomain, and don’t allow the sandbox permissions to access the controlling appdomain’s ApplicationBase directory. If you do this, then the sandboxed assembly can’t be accidentally loaded into the fully-trusted appdomain, and the code can’t be executed. If the plugin does try to induce the controlling appdomain to load an assembly it shouldn’t, a SerializationException will be thrown when it tries to load the assembly to deserialize the exception, and no damage will be done.

    2. Loading the sandboxed dll into the application appdomain

    As an extension of the previous point, you shouldn’t directly reference types or methods in the sandboxed dll from your application code. That loads the assembly into the fully-trusted appdomain, and from there code in the assembly could be executed. Instead, pull out methods you want the sandboxed dll to have into an interface or class in a partially-trusted assembly you control, and execute methods via that instead (similar to the example above with the IPlugin interface).

    If you need to have a look at the assembly before executing it in the sandbox, either examine the assembly using reflection from within the sandbox, or load the assembly into the Reflection-only context in the application’s appdomain. The code in assemblies in the reflection-only context can’t be executed, it can only be reflected upon, thus protecting your appdomain from malicious code.

    3. Incorrectly asserting permissions

    You should only assert permissions when you are absolutely sure they’re safe. For example, this method allows a caller read-access to any file they call this method with, including your documents, any network shares, the C:\Windows directory, etc:

        [SecuritySafeCritical]
        public static string GetFileText(string filePath)
        {
            new FileIOPermission(FileIOPermissionAccess.Read, filePath).Assert();
            return File.ReadAllText(filePath);
        }

    Be careful when asserting permissions, and ensure you’re not providing a loophole sandboxed dlls can use to gain access to things they shouldn’t be able to.

    Conclusion

    Hopefully, that’s given you an idea of some of the ways it’s possible to get past the .NET security system. As I said before, this post is not exhaustive, and you certainly shouldn’t base any security-critical applications on the contents of this blog post. What this series should help with is understanding the possibilities of the security system, and what all the security attributes and classes mean and what they are used for, if you were to use the security system in the future.


  • How to safely let users submit custom themes/plugins for a Rails app

    - by Brian Armstrong
    In my Rails app I'd like to let users submit custom "themes" to display data in various ways. I think they can get the data in the view using API calls and I can create an authentication mechanism for this. Also an authenticated API to save data. So this is probably safe. But I'm struggling with the best way to let users upload/submit their own code for the theme. I want this to work sort of like Wordpress themes/plugins where people can upload the thing. But there are some security risks. For example, if I take the uploaded "theme" a user submits and put it in its own directory somewhere inside the Rails app, what are the risks of this? If the user inserts any Rails executable code in their theme, even though it's the view they have full access at that point to all the models, everyone's data, etc. Even from other users. So that is not good. I need some way to let the uploaded themes exist in a sandbox of the Rails app, but I haven't seen a good way to do this. Any ideas?


  • how do redirect values to other page without click event in html. Below code is fine IE. But Not in

    - by karthik
    I have implemented PayPal in my web page. The process is: the given inputs are redirected to another page (the 2nd page), which has to get that input and redirect to the PayPal page (the third page). Here we submit data on the first page. The values pass to the second page (user interaction is not allowed on this page) and then pass to the third page. It works fine in IE, but not in Mozilla. Send any solution. Code sample (second page):

        <%string product = Request.QueryString["productName"].ToString();%> <% string amount = Request.QueryString["price"].ToString(); %> " " document.all.frmpaypal.submit();

    Fine in IE, not in Mozilla.


  • PHP: How to check for response code?

    - by Tom
    Hi, I'm a relative PHP newbie implementing a PayPal IPN listener and all seems to be working fine, except I don't really know how to check for a response code. I've tried something ugly with cURL but it doesn't work at all (I'm not understanding cURL). I've tried this piece of code that I grabbed from somewhere on the net:

        $fp = fsockopen('ssl://www.sandbox.paypal.com', 443, $errno, $errstr, 30);
        $response_headers = get_headers($fp);
        $response_code = (int)substr($headers[0], 9, 3);

    ... but it's not working (returns $response_code = 0). So right now, I'm debugging my IPN code without checking for a Response 200. Can anyone more experienced advise me on what's the proper/simple way to check this? Thanks


  • WebDav rename fails on an Apache mod_dav install behind NginX

    - by The Daemons Advocate
    I'm trying to solve a problem with renaming files over WebDav. Our stack consists of a single machine, serving content through Nginx, Varnish and Apache. When you try to rename a file, the operation fails with the stack that we're currently using. To connect to WebDav, a client program must:

    1. Connect over https://host:443 to NginX
    2. NginX unwraps and forwards the request to a Varnish server on http://localhost:81
    3. Varnish forwards the request to Apache on http://localhost:82, which offers a session via mod_dav

    Here's an example of a failed rename:

        $ cadaver https://webdav.domain/
        Authentication required for Webdav on server `webdav.domain':
        Username: user
        Password:
        dav:/> cd sandbox
        dav:/sandbox/> mkdir test
        Creating `test': succeeded.
        dav:/sandbox/> ls
        Listing collection `/sandbox/': succeeded.
        Coll: test 0 Mar 12 16:00
        dav:/sandbox/> move test newtest
        Moving `/sandbox/test' to `/sandbox/newtest': redirect to http://webdav.domain/sandbox/test/
        dav:/sandbox/> ls
        Listing collection `/sandbox/': succeeded.
        Coll: test 0 Mar 12 16:00

    For more feedback, the WebDrive windows client logged an error 502 (Bad Gateway) and 303 (?) on the rename operation. The extended logs gave this information:

        Destination URI refers to different scheme or port (https://hostname:443) (want: http://hostname:82).

    Some other restrictions: Investigations into NginX's Webdav modules show that it doesn't really fit our needs, and forwarding webdav traffic to Apache isn't an option because we don't want to enable Apache SSL. Are there any ways to trick mod_dav to forward to another host? I'm open to ideas :).


  • The eBay and PayPal development platforms are merging; will the two developer communities get along?

    PayPal and eBay have just announced that they are going to merge their developer programs. The unified platform thus created will let external developers build e-commerce and payment applications for many devices. The aim of the move: to open the door to a "new commerce experience" in which sales are driven by digital innovations, in order to meet consumers' demands for "integrated means of payment available continuously and anywhere". The split between the development teams of the two e...


  • Private domain purchase with paypal: how to prevent fraud?

    - by whamsicore
    I am finally going to buy a domain I have been looking at. The domain owner wants me to give him my Godaddy account information and send him the payment via Paypal gift, so that there will be no extra charges. Should this cause suspicion? Does Paypal offer any kind of fraud protection? What is the best way to protect myself from fraud in this situation, without the need for escrow services, such as escrow.com? Any advice welcomed. Thanks.


  • Windows 8: PayPal publishes an API for in-app payment; a flood of applications released, including Dropbox, Twitter, ESPN

    PayPal has just released its API for Windows 8. The company's programming interface will let developers integrate means of payment into their Windows 8 applications. Among the various monetization modes the API supports, note the presence of in-app payment, which has been highlighted by Microsoft. This option will let developers charge for updates, additional features or an application's content. As an example, Microsoft cites the Crowdstar game "Fish wit...


  • How can I create a temporary sandbox to compile from source?

    - by zoopp
    I want to follow the steps found here in order to run League of Legends under Ubuntu. According to the guide, I have to compile wine from source because it needs some patches. Compiling from source involves downloading quite a few dependency packages which I don't want to get mixed with the system and thus I'm wondering if there's a way to somehow isolate the whole "download dependencies packages and compile" process as I am only interested in the final wine binary. By isolating the compile process I can just copy the resulting binary and do a simple delete on the sandbox whereas doing it the naive way would require a more complex cleanup.


  • PHP Shopping Cart Script - When to empty cart?

    - by john
    I'm working on a shopping cart script in PHP and need some advice on how to handle the final process. Once the customer has entered items into the cart, chosen a shipping option, and then clicked the checkout button, they are then redirected to a PayPal button which is dynamically generated using BMCreateButton. My question is, when is the best time to empty the customer's cart? I have set up the auto return feature on PayPal, which I was going to use to then empty the cart, but it's not very good as customers have to click a link in order to redirect. So should I empty it when they click the checkout button just before the dynamic button? I can also use these settings in PHP to prevent cache/back button issues:

        // Date in the past
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        // Always modified
        header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
        // HTTP/1.1
        header("Cache-Control: no-store, no-cache, must-revalidate");
        header("Cache-Control: post-check=0, pre-check=0", false);
        // HTTP/1.0
        header("Pragma: no-cache");

    What would you guys recommend? Cheers.


  • using paypals html api is safe?

    - by ajsie
    I'm trying out PayPal's HTML API where you specify price, item_name, customer information and so on in the HTML:

        <form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm">
          <input type="hidden" name="cmd" value="_cart" />
          <input type="hidden" name="upload" value="1" />
          <input type="hidden" name="no_note" value="1" />
          <input type="hidden" name="business" value="[email protected]" />
          <input type="hidden" name="currency_code" value="SEK" />
          <input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" />
          <input type="hidden" name="tax_rate" value="25" />
          <input type="hidden" name="item_name_1" value="Apple Macpro" />
          <input type="hidden" name="item_number_1" value="01 - Product 1" />
          <input type="hidden" name="amount_1" value="25000" />
          <input type="hidden" name="item_name_2" value="Apple Macbook" />
          <input type="hidden" name="item_number_2" value="02 - Product 2" />
          <input type="hidden" name="amount_2" value="12500" />
          <input type="hidden" name="item_name_3" value="Apple Macbook Air" />
          <input type="hidden" name="item_number_3" value="03 - Product 3" />
          <input type="hidden" name="amount_3" value="12500" />
          <input type="submit" name="Submit" value="Submit" />
        </form>

    When the user clicks submit it takes him/her to PayPal's payment page. But doesn't this mean that a hacker could change the order by manipulating the HTML code? I can't figure out how PayPal prevents this security problem.


  • Edit Settings in web.config

    - by Scott Selby
    I didn't know how to title this question - I am making a request to PayPal's Express Payment API. I am using their dll that helps make the request and parse the response. The instructions for their code to work are to add your authorization credentials in the web.config file. I have done so. My problem is that I want to be able to edit these credentials dynamically (probably getting them from SQL) because we are going to allow different users to enter their API credentials. Sending the request to PayPal looks like this:

        Dim wrapper As New SetExpressCheckoutReq()
        wrapper.SetExpressCheckoutRequest = request
        Dim service As New PayPalAPIInterfaceServiceService()
        Dim setECResponse As SetExpressCheckoutResponseType = service.SetExpressCheckout(wrapper)

    There's not much room in there to edit the header of the request, because PayPalAPIInterfaceServiceService() is defined in their dll and applies its own header based on the credentials in the web.config. So, my question is, is there a way to point in the web.config to another location when it looks in web.config? I'm not too sure this is possible. Also, is there any way to edit the header of a request that is defined in a dll without changing the dll (to stay PCI compliant)? The line in the web.config is here:

        <account apiUsername="****" apiPassword="****" apiSignature="****"/>


  • .NET Security Part 3

    - by Simon Cooper
    You write a security-related application that allows addins to be used. These addins (as dlls) can be downloaded from anywhere, and, if allowed to run full-trust, could open a security hole in your application. So you want to restrict what the addin dlls can do, using a sandboxed appdomain, as explained in my previous posts. But there needs to be an interaction between the code running in the sandbox and the code that created the sandbox, so the sandboxed code can control or react to things that happen in the controlling application. Sandboxed code needs to be able to call code outside the sandbox.

    Now, there are various methods of allowing cross-appdomain calls, the two main ones being .NET Remoting with MarshalByRefObject, and WCF named pipes. I’m not going to cover the details of setting up such mechanisms here, or which you should choose for your specific situation; there are plenty of blogs and tutorials covering such issues elsewhere. What I’m going to concentrate on here is the more general problem of running fully-trusted code within a sandbox, which is required in most methods of app-domain communication and control.

    Defining assemblies as fully-trusted

    In my last post, I mentioned that when you create a sandboxed appdomain, you can pass in a list of assembly strongnames that run as full-trust within the appdomain:

        // get the Assembly object for the assembly
        Assembly assemblyWithApi = ...

        // get the StrongName from the assembly's collection of evidence
        StrongName apiStrongName = assemblyWithApi.Evidence.GetHostEvidence<StrongName>();

        // create the sandbox
        AppDomain sandbox = AppDomain.CreateDomain(
            "Sandbox", null, appDomainSetup, restrictedPerms, apiStrongName);

    Any assembly that is loaded into the sandbox with a strong name the same as one in the list of full-trust strong names is unconditionally given full-trust permissions within the sandbox, irregardless of permissions and sandbox setup. This is very powerful! You should only use this for assemblies that you trust as much as the code creating the sandbox.

    So now you have a class that you want the sandboxed code to call:

        // within assemblyWithApi
        public class MyApi
        {
            public static void MethodToDoThings() { ... }
        }

        // within the sandboxed dll
        public class UntrustedSandboxedClass
        {
            public void DodgyMethod()
            {
                ...
                MyApi.MethodToDoThings();
                ...
            }
        }

    However, if you try to do this, you get quite an ugly exception:

        MethodAccessException: Attempt by security transparent method ‘UntrustedSandboxedClass.DodgyMethod()’ to access security critical method ‘MyApi.MethodToDoThings()’ failed.

    Security transparency, which I covered in my first post in the series, has entered the picture. Partially-trusted code runs at the Transparent security level, fully-trusted code runs at the Critical security level, and Transparent code cannot under any circumstances call Critical code.

    Security transparency and AllowPartiallyTrustedCallersAttribute

    So the solution is easy, right? Make MethodToDoThings SafeCritical, then the transparent code running in the sandbox can call the api:

        [SecuritySafeCritical]
        public static void MethodToDoThings() { ... }

    However, this doesn’t solve the problem. When you try again, exactly the same exception is thrown; MethodToDoThings is still running as Critical code. What’s going on?

    By default, a fully-trusted assembly always runs Critical code, irregardless of any security attributes on its types and methods. This is because it may not have been designed in a secure way when called from transparent code – as we’ll see in the next post, it is easy to open a security hole despite all the security protections .NET 4 offers. When exposing an assembly to be called from partially-trusted code, the entire assembly needs a security audit to decide what should be transparent, safe critical, or critical, and close any potential security holes.

    This is where AllowPartiallyTrustedCallersAttribute (APTCA) comes in. Without this attribute, fully-trusted assemblies run Critical code, and partially-trusted assemblies run Transparent code. When this attribute is applied to an assembly, it confirms that the assembly has had a full security audit, and it is safe to be called from untrusted code. All code in that assembly runs as Transparent, but SecurityCriticalAttribute and SecuritySafeCriticalAttribute can be applied to individual types and methods to make those run at the Critical or SafeCritical levels, with all the restrictions that entails.

    So, to allow the sandboxed assembly to call the full-trust API assembly, simply add APTCA to the API assembly:

        [assembly: AllowPartiallyTrustedCallers]

    and everything works as you expect. The sandboxed dll can call your API dll, and from there communicate with the rest of the application.

    Conclusion

    That’s the basics of running a full-trust assembly in a sandboxed appdomain, and allowing a sandboxed assembly to access it. The key is AllowPartiallyTrustedCallersAttribute, which is what lets partially-trusted code call a fully-trusted assembly. However, an assembly with APTCA applied to it means that you have run a full security audit of every type and member in the assembly. If you don’t, then you could inadvertently open a security hole. I’ll be looking at ways this can happen in my next post.

