Re: Paypal and "going root"

>> Has anybody pondered this and come up with anything?

    Well, I've done e-commerce stuff although it was with banks, not paypal.
There are a few levels of safety :

    - Level 0 : Total stupidity (osCommerce)
    Bank redirects to your site. Order is marked as paid with "paid=1" in the
URL.
    Solution : fire the programmer

    - Level 1 : callback
    Bank hits URL on your site with data you provided (order_id) so you may
mark the order as paid.
    Technical documentation says to verify the transaction by checking the
bank server's IP address.
    Solution : choose another bank

    - Level 3 : crypto
    Bank hits URL on your site with data you provided (order_id) so you may
mark the order as paid.
    Bank encrypts everything and securely signs the data (HMAC,
certificate...)
    This works well.

    Additionally, you can hit a URL on the bank to check validity. However,
if this is not encrypted (SSL...) can you be sure who you are talking to ?

    My advice is to store, in your table, the signed and encrypted data the
bank sends you.
    Suppose a hacker breaks your verification code and marks his order as
paid in the database. Even so, he will never be able to use the bank's
certificate to generate a fake signed payment confirmation to insert in
your log table. And, usually, the data the bank signs includes the user
name, id, order id, amount, and user-specified fields, that you use to
store a SHA1 hash of the list of things the user ordered, so he can't
steal the payment confirmation from another user, or from  a past order.
    So, if later you suspect something, you can re-check the signatures on
the payment confirmation data, and the fraud will be apparent.