Hi all, I'm working on a non-active merchant setup through paypal using just the standard plan, which is currently free.
I've already setup my site with IPN and openssl cert/pems. I'm passing all data to paypal 100% encrypted and have configuration on paypal set to only accept encryption connections. However, I noticed through firefox that after I purchase on the sandbox test platform that I receive a message that although this page is encrypted the information you are about to send will be sent over an unencrypted connection.. Is this a problem? I am using the Ryan Bates tutorial railscast epp. 141, 142, and 143. I have everything working 100% and tested IPN returns through localhost using curl. Everything is sent encrypted but everything returned from paypal appears unencrypted. Is there something that I need to do on my end? I know this won't happen if my site were https but I'm not going to be able to do that. I have it set so that the return payments notification url passes a secret key so that when it returns it has to match up in order to be valid from paypal. I also test against several other return parameters. While the request sent to paypal cannot be spoofed currently, I'm worried that the return from paypal can and what I can do to protect that using their gateway. Thanks in advance for any advice and input on this. -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
