Re: Are paypal buttons secure from e-lifting? Is this data secure?

From: Alexander Klimov (alserkli@inbox.ru)
Date: Tue Jul 24 2007 - 10:45:57 EDT


Hi.

On Tue, 17 Jul 2007, Mifa wrote:
> I have set up a webpage that allows payments via paypal. Is it
> secure?

This depends on what your threat model is.

> Below is the data submitted (as seen with tamper data)
> [...]
> 1) Can this be decrypted? This string is after all hard coded into the paypal button.
> a) If so, how?
> 2) What apps might decode and recode this data?

First you need to urldecode it, e.g., `%2F' is `/', `%3D' is `=', and
`+' is ` ' (space). After that it looks like base64-encoded data (you
can use, e.g., `openssl base64 -d' to decode it), and PKCS#7
(Cryptographic Message Syntax Standard) can also be decoded by
openssl.

-- 
Regards,
ASK
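
The decoding chain described in the reply (urldecode, then base64, then PKCS#7), as an added example that is not part of the original message. The sample field is constructed, and the PEM armor handling is an assumption because the posted data is elided; `inspect_field` and the other names are illustrative.

```python
import base64
from urllib.parse import quote_plus, unquote_plus

# PKCS#7 content-type OIDs (RFC 2315, section 14).
PKCS7_TYPES = {
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
    "1.2.840.113549.1.7.4": "signedAndEnvelopedData",
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of data")
    return tag, pos, pos + length

def decode_oid(body):
    """Decode OID content bytes (first arc 0 or 1, which covers PKCS#7)."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends this arc
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def inspect_field(form_value):
    """urldecode -> strip optional PEM armor -> base64 -> PKCS#7 contentType."""
    text = unquote_plus(form_value)        # %2F -> /, %3D -> =, + -> space
    b64 = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    der = base64.b64decode(b64, validate=True)
    outer, start, _ = read_tlv(der, 0)
    inner, o_start, o_end = read_tlv(der, start)
    if (outer, inner) != (0x30, 0x06):
        raise ValueError("not a ContentInfo: expected SEQUENCE { OBJECT IDENTIFIER, ... }")
    oid = decode_oid(der[o_start:o_end])
    return oid, PKCS7_TYPES.get(oid, "unknown"), len(der)

# Constructed sample: a 20-byte ContentInfo stub carrying the envelopedData OID.
SAMPLE_DER = bytes.fromhex("301206092a864886f70d010703a0053003020100")
SAMPLE_FIELD = quote_plus(
    "-----BEGIN PKCS7-----\n" + base64.b64encode(SAMPLE_DER).decode() + "\n-----END PKCS7-----")
```

Decoding exposes only the container: when the type is envelopedData, the content is encrypted to the recipient's public key, so the inner fields stay unreadable without the matching private key.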