Dynamic PayPal button generation - isn't it very insecure?

Front-end · Open · 6 answers · 527 views
情话喂你 2020-11-29 21:06

I am just wondering here... Aren't the PayPal buttons that are dynamically created very insecure, and easily "hackable"?

Like so:

6 answers
  •  攒了一身酷
    2020-11-29 21:55

    You're right - dynamic PayPal buttons are easily "hackable" if you pass, for example, the price of the product in clear text.

    However, PayPal supports public-key button encryption, so that the relevant details cannot be easily altered. This is the way it works:

    • You generate a public/private key pair with an appropriate program such as OpenSSL.
    • You log in to your PayPal account and submit the public key to PayPal, then store the private key securely on your Web server. You will also need to download PayPal's certificate and store it on your server as well. It is also highly recommended to tell PayPal not to accept unsigned/unencrypted transactions (see link at bottom for details).
    • Each time you need to generate a PayPal button, you encrypt the data using PayPal's public key and sign it with your private key, then you display the result on your Web page. When the user clicks the button, PayPal will decrypt the details and check they have not been tampered with since their generation on your server.

    This way, as long as your private key is uncompromised, no one will be able to alter the transaction's details.

    More information and detailed instructions are available at https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_html_encryptedwebpayments#id08A3I0P017Q. (Although PayPal provides its software to generate encrypted buttons, I think it's possible to create them "on the fly" using appropriate functions, such as openssl_*() in PHP; I haven't tested them personally).

    An alternative would be implementing Instant Payment Notification (https://cms.paypal.com/us/cgi-bin/?cmd=_render-content&content_ID=developer/e_howto_admin_IPNIntro); you could check that the amount of the transaction performed by the user equals the total order amount.
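The three steps in the answer above, worked through end to end. This is an added example, not the answerer's code and not PayPal's: it uses the two `openssl smime` invocations from PayPal's Encrypted Website Payments documentation (sign with the merchant key first, then encrypt to PayPal's certificate), and then reconstructs what PayPal must do on its side from the answer's description (decrypt, then verify the signature against the uploaded certificate). Everything it needs is generated locally as a stand-in so it runs offline: the merchant key pair, a fake "PayPal" key pair in place of the certificate you would really download from your account, an attacker's key pair, constructed button variables, and a placeholder `cert_id`. The function names `ewp_encrypt`, `ewp_open` and `ewp_demo` are this example's own.

```shell
#!/bin/sh
# Added example (not PayPal's code and not the answer author's): the EWP
# round trip with the openssl CLI. Every key, certificate and button value
# below is a locally generated or constructed stand-in so the script runs
# offline; in real use only the merchant pair is yours, and paypal.crt is the
# certificate downloaded from your PayPal account.
set -eu

# Merchant side. Sign the button variables with the merchant private key,
# then encrypt the signed blob to PayPal's certificate: the same two
# "openssl smime" commands PayPal's documentation shows (-des3 included).
# usage: ewp_encrypt BUTTON_FILE MERCHANT_KEY MERCHANT_CERT PAYPAL_CERT
ewp_encrypt() {
    openssl smime -sign -in "$1" -inkey "$2" -signer "$3" \
        -outform der -nodetach -binary 2>/dev/null |
    openssl smime -encrypt -des3 -binary -outform pem "$4" 2>/dev/null
}

# PayPal side, reconstructed from the answer's description: decrypt with
# PayPal's private key, then verify the signature while trusting nothing but
# the certificate the merchant uploaded. Prints the variables on success and
# fails with no output if the signature is missing, altered or from any other key.
# usage: ewp_open ENCRYPTED_PEM PAYPAL_KEY PAYPAL_CERT UPLOADED_MERCHANT_CERT
ewp_open() {
    openssl smime -decrypt -inform pem -in "$1" -inkey "$2" -recip "$3" 2>/dev/null |
    openssl smime -verify -inform der -CAfile "$4" 2>/dev/null
}

# Demonstration. Prints OK when the honest button round-trips unchanged and
# a forged button (cheaper price, attacker's own key) is rejected.
ewp_demo() (
    work=$(mktemp -d)
    cd "$work"
    # Stand-in key pairs: merchant (key stays on the web server, cert goes to
    # PayPal), a fake "PayPal" pair, and an attacker who knows paypal.crt.
    for who in merchant paypal attacker; do
        openssl genrsa -out "$who.key" 2048 2>/dev/null
        openssl req -new -x509 -key "$who.key" -subj "/CN=$who" -days 30 \
            -out "$who.crt" 2>/dev/null
    done
    # Constructed button variables, one name=value per line. cert_id is a
    # placeholder for the ID PayPal assigns to the uploaded certificate.
    printf '%s\n' cmd=_xclick business=sales@example.com item_name=Widget \
        amount=10.00 currency_code=USD cert_id=PLACEHOLDER > button.txt

    ewp_encrypt button.txt merchant.key merchant.crt paypal.crt > button.pem
    # The price is no longer readable in what the browser receives.
    if grep -q 'amount=' button.pem; then echo 'FAIL: price visible'; exit 1; fi
    ewp_open button.pem paypal.key paypal.crt merchant.crt > opened.txt
    if [ "$(cat button.txt)" != "$(cat opened.txt)" ]; then
        echo 'FAIL: round trip'; exit 1
    fi

    # paypal.crt is public, so anyone can encrypt a cheaper button to it; the
    # only thing they cannot produce is a signature under the merchant key.
    sed 's/^amount=.*/amount=0.01/' button.txt > forged.txt
    ewp_encrypt forged.txt attacker.key attacker.crt paypal.crt > forged.pem
    if ewp_open forged.pem paypal.key paypal.crt merchant.crt > /dev/null; then
        echo 'FAIL: forged button accepted'; exit 1
    fi
    cd / && rm -rf "$work"
    echo OK
)

ewp_demo
```

Per PayPal's EWP documentation, the PEM that `ewp_encrypt` prints goes into a hidden form field named `encrypted`, with `cmd` set to `_s-xclick`; the plaintext `amount` never reaches the browser. The forged-button case is the point worth keeping in mind: because PayPal's certificate is public, encryption alone proves nothing about who built the button, and it is the signature, checked against the certificate you uploaded, that prevents tampering. The setting the answer mentions for rejecting unsigned/unencrypted payments is what stops an attacker from sidestepping all of this by posting a plain `_xclick` form instead.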
