If someone happens to get into your server/hosting via FTP or somehow getting on your computer they can easily get your email and password and have all sorts of fun spending your money on paypal. Usually paypal has a way to generate API Keys to use rather than plain text emails/passwords
On Aug 18, 7:58 am, "[email protected]" <[email protected]> wrote: > Hi there, I'm interested in using this > plugin:http://bakery.cakephp.org/articles/parris/2009/07/08/paypal-payments-... > > It's a component which as the name suggests uses curl to interact with > paypal. In the code there is a constants.php file which is where all > the defines are, like username and password for the paypal API. But > there's a note saying: "IMPORTANT - HAVING YOUR API PASSWORD INCLUDED > IN THE MANNER IS NOT SECURE, AND ITS ONLY BEING SHOWN THIS WAY FOR > TESTING PURPOSES" > > The constants.php file is going to be in the vendors/paypal folder > which is outside the docroot, and therefore I thought it would be > reasonably safe. How come it's not and what do I need to do to make it > safe? > > Thanks in advance ;) > Sarah -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
