Tuesday, September 23, 2008

PayPal - Hiding secret data in plain sight

I just finished doing some integration work with PayPal, and I have to say I'm impressed by the approach they've taken.

Suppose you want to sell cupcakes from your website. To do this using the standard PayPal integration, you'd log into your PayPal account, click on Merchant Services and then click on the Buy Now Button option. This will take you to a form where you would fill out the details of what you want to sell:

To finish up, you would click Create Button Now and paste the HTML on your web page. And you're done.

Here's what threw me for a loop: PayPal doesn't manage your inventory. That is, PayPal doesn't care what items you want to sell, it simply allows you to generate buttons.

I think this is brilliant (from PayPal's perspective, anyway) because it means their lives are simplified. They don't need to worry about giving tools to sellers to manage their inventory. That can all be done on the client side.

But there's a catch. Check out the button code:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
  <input type="hidden" name="cmd" value="_xclick">
  <input type="hidden" name="business" value="test-b_1221977553_per@ideas2executables.com">
  <input type="hidden" name="item_name" value="Yummy Cupcakes">
  <input type="hidden" name="amount" value="1000.00">
  <input type="hidden" name="no_shipping" value="0">
  <input type="hidden" name="no_note" value="1">
  <input type="hidden" name="currency_code" value="USD">
  <input type="hidden" name="lc" value="US">
  <input type="hidden" name="bn" value="PP-BuyNowBF">
  <input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
  <img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
</form>

This code would be trivial to forge - if you wanted to, you could buy my cupcakes at a price other than the $1,000 I'm selling them for, because the price is a plain hidden field that the browser submits. All you'd need is the most basic HTML skills.

PayPal could have re-examined their approach, and decided to manage the inventory on their own site. If they had done this, then the above form would just contain an item identifier, and the price wouldn't be exposed.

But they didn't do this. Instead, they offer the ability to encrypt the form. When you do this, you end up with the exact same form as above but in a non-editable fashion:

<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="image" src="https://www.sandbox.paypal.com/en_US/i/btn/btn_buynow_LG.gif" border="0" name="submit" alt="PayPal - The safer, easier way to pay online!">
<img alt="" border="0" src="https://www.sandbox.paypal.com/en_US/i/scr/pixel.gif" width="1" height="1">
<input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----MIIHkQYJKoZIhvcNAQcEoIIHgjCCB34CAQExggE6MIIBNgIBADCBnjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMUC3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMA0GCSqGSIb3DQEBAQUABIGAdZ71TWBiNmn1I6SM4UpnDrnBtZ8WOmNI3XGQVNnVWmMBV7z0bkNk7o6vOWGZVCjDSe5xKXRL3myUGymabFhg7oXnE+FpAiVq+3Ne/6h6T2nIUHWaa5dnkuJdzakCUTDVd/+zVhdziZXg9iptjxBZgzS2Hrw4J0AYaNiDFs0KfQsxCzAJBgUrDgMCGgUAMIHcBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECG04zbohmaihgIG4AtCWX0EYK5Og1RmVeHL3uNQofkcQdd4GPEMY8QDklaHHp9SqA3bPNiskfQOEdXWgm0Lq2aLXXMXdLJcxeDkwRZlQCA12rFLEnE3bMpC+yg/7L69WuRH0/yrCTiRLrCUgMssW1e5bTMFav4fYGr3v+GdNKtCZQkbxv6fztE91AK0FW06UCWR3izxSJ2rNFQ9e+lf4BGxwur4tH5dGugWPvR02bLFkE9vGu+bGZwWGma75sR24NTV336CCA6UwggOhMIIDCqADAgECAgEAMA0GCSqGSIb3DQEBBQUAMIGYMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8GA1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjEWMBQGA1UECxQNc2FuZGJveF9jZXJ0czEUMBIGA1UEAxQLc2FuZGJveF9hcGkxHDAaBgkqhkiG9w0BCQEWDXJlQHBheXBhbC5jb20wHhcNMDQwNDE5MDcwMjU0WhcNMzUwNDE5MDcwMjU0WjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMUC3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3luO//Q3So3dOIEv7X4v8SOk7WN6o9okLV8OL5wLq3q1NtDnk53imhPzGNLM0flLjyId1mHQLsSp8TUw8JzZygmoJKkOrGY6s771BeyMdYCfHqxvp+gcemw+btaBDJSYOw3BNZPc4ZHf3wRGYHPNygvmjB/fMFKlE/Q2VNaic8wIDAQABo4H4MIH1MB0GA1UdDgQWBBSDLiLZqyqILWunkyzzUPHyd9Wp0jCBxQYDVR0jBIG9MIG6gBSDLiLZqyqILWunkyzzUPHyd9Wp0qGBnqSBmzCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMUC3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAVzbzwNgZf4Zfb5Y/93B1fB+Jx/6uUb7RX0YE8llgpklDTr1b9lGRS5YVD46l3bKE+md4Z7ObDdpTbbYIat
0qE6sElFFymg7cWMceZdaSqBtCoNZ0btL7+XyfVB8M+n6OlQs6tycYRRjjUiaNklPKVslDVvk8EGMaI/Q+krjxx0UxggGkMIIBoAIBATCBnjCBmDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExETAPBgNVBAcTCFNhbiBKb3NlMRUwEwYDVQQKEwxQYXlQYWwsIEluYy4xFjAUBgNVBAsUDXNhbmRib3hfY2VydHMxFDASBgNVBAMUC3NhbmRib3hfYXBpMRwwGgYJKoZIhvcNAQkBFg1yZUBwYXlwYWwuY29tAgEAMAkGBSsOAwIaBQCgXTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0wODA5MjMwNjAxMjBaMCMGCSqGSIb3DQEJBDEWBBQLhPRwzZAHKp6qbbgs2TwAPIFJljANBgkqhkiG9w0BAQEFAASBgCDL36AdcruGVvfMGg59XndpbacbtjnZsIP/Kr3aCc64uSuJKC4w9+yXTvmLbtSOc1eofCep/6dFxdC7C6WysfcI3DUs9PJjfWxNosf+K9foVjMNChL96V89XYorbRQ1/eEsJo0K8wud+OzDSkvZZuaUSA5taBSaeaVzNB2Lvp+a-----END PKCS7-----
">
</form>

Along with this encryption ability, they also offer Instant Payment Notification (IPN), another useful tool for validating that the data you're receiving hasn't been tampered with: PayPal posts the details of each completed payment to a URL you control, so your server can compare what was actually paid against what you expected. It also serves as a general-purpose hook that PayPal can use to let developers integrate with them.
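As an added example (not code from the post or from PayPal), here is the check an IPN listener should make before treating an order as paid: echo the notification back to PayPal, then compare the reported amount, currency and receiver against the merchant's own records instead of trusting the hidden fields from the button. The catalogue dict, the sample notification body and the pluggable postback function are assumptions for offline use; the cmd=_notify-validate postback and the mc_gross, mc_currency, receiver_email and txn_id field names are PayPal's.

```python
from decimal import Decimal, InvalidOperation
import urllib.parse
import urllib.request

# Constructed catalogue: the authoritative price lives here, not in the HTML.
CATALOG = {"Yummy Cupcakes": (Decimal("1000.00"), "USD")}
MERCHANT_EMAIL = "test-b_1221977553_per@ideas2executables.com"  # from the button above
SEEN_TXN_IDS = set()  # replay protection; persist this in a real deployment

# Constructed sample notification body, as PayPal would POST it to the listener.
SAMPLE_IPN = (b"payment_status=Completed&receiver_email=test-b_1221977553_per%40ideas2executables.com"
              b"&item_name=Yummy+Cupcakes&mc_gross=1000.00&mc_currency=USD&txn_id=TXN-SAMPLE-1")


def paypal_postback(raw_body: bytes) -> str:
    """Echo the raw notification back to PayPal prefixed with cmd=_notify-validate.
    PayPal replies VERIFIED or INVALID. Network call; swapped out in offline tests."""
    req = urllib.request.Request(
        "https://ipnpb.paypal.com/cgi-bin/webscr",
        data=b"cmd=_notify-validate&" + raw_body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode().strip()


def validate_ipn(raw_body: bytes, postback=paypal_postback) -> tuple:
    """Return (ok, reason). Every comparison is against server-side data, so a buyer
    who edited the hidden amount field cannot turn a $1 payment into a $1,000 order."""
    if postback(raw_body) != "VERIFIED":
        return False, "postback not VERIFIED"
    p = dict(urllib.parse.parse_qsl(raw_body.decode(), keep_blank_values=True))
    if p.get("payment_status") != "Completed":
        return False, "payment not completed"
    if p.get("receiver_email") != MERCHANT_EMAIL:
        return False, "paid to a different account"
    expected = CATALOG.get(p.get("item_name", ""))
    if expected is None:
        return False, "unknown item"
    price, currency = expected
    try:
        paid = Decimal(p.get("mc_gross", ""))
    except InvalidOperation:
        return False, "unparseable amount"
    if paid != price or p.get("mc_currency") != currency:
        return False, "amount or currency does not match catalogue"
    txn = p.get("txn_id", "")
    if not txn or txn in SEEN_TXN_IDS:
        return False, "missing or replayed txn_id"
    SEEN_TXN_IDS.add(txn)
    return True, "ok"
```

The same catalogue lookup is what makes the unencrypted button safe to publish: the hidden amount only decides what the buyer is charged, while the server decides whether that charge matches the order it fulfils.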

Why is this so exciting to me?

  • It's a novel approach to storing client state. Rather than storing it on the server, store it encrypted on the client.
  • It's an example of offering less. PayPal could have built an inventory management system (and they may do so), but for now, they've avoided quite a bit of headache by not going down this path. This is an approach that usually benefits smaller customers.
  • It's a nice example of encryption in the wild.
  • I'm a strange guy and I happen to excite easily.

1 comment:

  1. Anonymous, 12:17 PM

    The encryption is definitely a neat idea! I've played with shopping carts where pricing data is submitted by the client as well, and it just really makes me question a website's security infrastructure when I see things like that.

    I blogged about one such instance a couple years ago:
    Name your own price on dental products

    It was fun to play with, but they totally lost me as a potential customer because of that.
