Quote:
Originally Posted by arne1288
Security through obscurity is not going to help you.
It's about fixing the flaws, not simply attempting to hide or obfuscate them.
If all you do is adding AJAX stuff you say on top of the current code, then what you are doing is not going to help you at all.
If you're really working with AJAX, you should actually know that it is JavaScript, and that the J in "AJAX" actually stands for JavaScript:
JavaScript is handled purely client side, not server side AT ALL, a simple Google search can let you confirm that.
No matter what you send using JavaScript (or AJAX) to the server, is still being returned to the JavaScript part to be processed later on, and here you can still manipulate it, if you want to.
Feel free to try to make an example demonstrating your way, but if you aren't changing your communication with PayPal, please trust me when I tell you - you're not going to fix the issue 100% and only ending up on doing "security through obscurity", which is literally the same as doing nothing: the flaws would still remain.
|
He means taking the POST request out of the client sided HTML, and just make a POST request to something like this. I've made it a GET request instead though so you can just paste it in if you want to see. It seems like a fine approach, I haven't really been following this plugin but just wanted to say what I think @Arkarr was trying to. I think he just brought up AJAX as a way to call the PHP script, not to use it to send the data with to Paypal.
http://mrderp.xyz/makepayments.php?tier=1 (If the page loads slow it's just my shitty box it's on)
https://pastebin.com/wtayNh9C
__________________