Will the subscriptions I setup through GF's add-on for PayPal be secure? I ask this because I've seen some hacks where people try to get a cheaper price for things some times. How does GF handle subscriptions, or does it use secure tokens from PayPal that we manually enter and setup with PayPal's subscription area to communicate?
I need to know if I should hack this up or if it's good as is. It's important to have them charged at the prices we set ;)
Scott,
We understand the need for security when creating these transactions with PayPal. I am not going to claim the system is not hackable, but we have taken considerable amount of time trying to make it as safe as possible. The following security measures are the highlights.
1- Gravity Forms pricing fields have a built-in hash validation that prevents users from spoofing the prices before the request is sent to PayPal.
2- When the IPN is received by Gravity Forms, we follow PayPal's security guidelines to ensure the IPN is valid. That includes sending the entire request back to PayPal for validation from them.
As you know, we are always open to new ideas and if you know of a better/safer way to process these transactions, please let us know about it.
Great explanation, feel much more comfortable now!
Thanks Scott. I'll let Alex know.
