Community Support Forums

Re: Encoded Google Checkout Button

2011-10-23T13:00:00-05:00

Yes, please see this thread regarding this vulnerability:
viewtopic.php?f=4&t=15232&p=41707#p41707

Encoding your Google checkout URL produced by s2Member would make it more difficult, but it won't prevent this vulnerability entirely, because it would still be possible to tamper with the variables before being redirected to Google Checkout. So ... more difficult, yes. A long-term solution, no.

We are currently working to address this in a future release of s2Member.
viewtopic.php?f=4&t=15232&p=41707#p41707

Statistics: Posted by Jason Caldwell — October 23rd, 2011, 1:00 pm

Re: Encoded Google Checkout Button

2011-10-23T11:10:18-05:00

Would there be some way to manually encode the url? Would Google URL shortener work? Thanks!

Statistics: Posted by cdlambden — October 23rd, 2011, 11:10 am

Re: Encoded Google Checkout Button

2011-10-22T09:35:56-05:00

Any updates on this? It's a pretty big vulnerability if they can just change the payment amout in the url and still get access. Thanks.

Statistics: Posted by cdlambden — October 22nd, 2011, 9:35 am

Re: Encoded Google Checkout Button

2011-10-21T07:00:35-05:00

Hi, I tried that and the url still isn't encrypted. Thanks.

Statistics: Posted by cdlambden — October 21st, 2011, 7:00 am

Re: Encoded Google Checkout Button

2011-10-20T22:37:10-05:00

You could try to have PayPal encrypt your buttons: WP Admin -> s2Member -> PayPal Options -> Account Details -> Enable Button Encryption.

Hope this helps.
P.S. Remember to report back.

Statistics: Posted by Eduan — October 20th, 2011, 10:37 pm

Encoded Google Checkout Button

2011-10-20T22:27:55-05:00

Hi, I have created a Google Checkout button in pro, but there's no ability to encode the url. They could easily edit the price in the url and pay 1 cent for your product. How can I encode the url/button so they can't do that? Thanks!

Statistics: Posted by cdlambden — October 20th, 2011, 10:27 pm