
Re: Are paypal buttons secure from e-lifting? Is this data secure?

To: Mifa <mifa@stangercorp.com>
Subject: Re: Are paypal buttons secure from e-lifting? Is this data secure?
From: Alexander Klimov <alserkli@inbox.ru>
Date: Tue, 24 Jul 2007 17:45:57 +0300 (IDT)
Cc: pen-test@securityfocus.com
In-reply-to: <360af20b61576b6ccfdbb30651040ab9@stangercorp.com>
References: <360af20b61576b6ccfdbb30651040ab9@stangercorp.com>
Hi.

On Tue, 17 Jul 2007, Mifa wrote:
> I have set up a webpage that allows payments via paypal.  Is it
> secure?

This depends on what your threat model is.

> Below is the data submitted (as seen with tamper data)
> [...]
> 1) Can this be decrypted?  This string is, after all, hard-coded into the
> paypal button.
>     a) If so, how?
> 2) What apps might decode and recode this data?

First you need to urldecode it, e.g., `%2F' is `/', `%3D' is `=', and
`+' is ` ' (space); after that it looks like base64-encoded data (you
can use, e.g., `openssl base64 -d' to decode it), and PKCS#7
(Cryptographic Message Syntax Standard) can also be decoded by
openssl.

-- 
Regards,
ASK
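As an added example (not part of Alexander's reply or of any PayPal tooling), the decoding steps he describes in Python: undo the form encoding, base64-decode, and read just enough DER to tell which PKCS#7 content type the blob carries. The sample field is constructed, not a real button; an envelopedData body is encrypted to the recipient's certificate, so this identifies the wrapper, not the plaintext.

```python
import base64
from urllib.parse import unquote_plus

# Constructed sample (not a real PayPal button): a form field holding a
# URL-encoded, base64-encoded PKCS#7 ContentInfo with contentType
# envelopedData and a two-byte dummy OCTET STRING as content.
SAMPLE_FIELD = "MBEGCSqGSIb3DQEHA6AEBAL%2F%2Fg%3D%3D"

# PKCS#7 content types (RFC 2315, section 14)
PKCS7_CONTENT_TYPES = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.4": "signedAndEnvelopedData",
    "1.2.840.113549.1.7.5": "digestedData",
    "1.2.840.113549.1.7.6": "encryptedData",
}

def url_to_der(field: str) -> bytes:
    # Undo form encoding (%2F -> '/', %3D -> '=', '+' -> ' '), drop whitespace,
    # then base64-decode to the raw DER bytes that openssl would also read.
    return base64.b64decode("".join(unquote_plus(field).split()), validate=True)

def read_tlv(buf: bytes, off: int):
    # One DER tag-length-value; returns (tag, value, offset after value).
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, buf[off:off + length], off + length

def decode_oid(body: bytes) -> str:
    # OBJECT IDENTIFIER contents -> dotted notation (base-128 arcs).
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear: last byte of this arc
            arcs.append(value); value = 0
    return ".".join(map(str, arcs))

def pkcs7_content_type(der: bytes) -> str:
    # ContentInfo ::= SEQUENCE { contentType OID, content [0] EXPLICIT ANY }
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE, so not a PKCS#7 ContentInfo")
    tag, oid_body, _ = read_tlv(seq, 0)
    if tag != 0x06:
        raise ValueError("first element is not an OBJECT IDENTIFIER")
    oid = decode_oid(oid_body)
    return PKCS7_CONTENT_TYPES.get(oid, "unknown OID " + oid)
```

`openssl pkcs7 -inform DER -print_certs` or `openssl asn1parse -inform DER` on the bytes returned by `url_to_der` shows the same structure in full.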


