Paypal has recently changed integration method. Now instead of providing public/private key option paypal has selected javascript button. My question is how much secure is this? Say for example i have used following code to create button.
<script src="js_path/paypal-button.min.js?merchant=XXXXXXXXXX" data-button="buynow" data-name="SiteName" data-amount="10" data-env="sandbox" data-callback="payment_success.php" data-cancel_return="payment_cancel.php" data-currency="EUR" ></script> Now if you are familier with firefox addon of firebug then you can see all this values and easily edit them and pass them to paypal page. It will easily change amount of 10 to 1 and customer can pay 1 and leave site. This is loss to merchant.
Previusly i was using method of http://www.stellarwebsolutions.com/en/articles/paypal_button_encryption_php.php to create encrypted buttons. It was working properly and no customer had complaint any problem like i had mentioned before.
My question is that can this new system paypal has created has this facility of encryption? If not then what is solution?
Thank you Tejas Mehta
