Preventing Bad Grease Monkeys from changing your prices in eCommerce sites
Thursday, April 12th, 2007
I spoke with Gina Trapani on Wednesday about my concerns on this issue. The problem is that many online shops are using hidden fields in forms to pass information such as pricing, shipping, and quantity to their online checkout systems. Now I love Google Checkout for its sheer simple integration methods, but there is also an option to auto approve the payment and this concerns me. So I am writing to you today to illustrate some of the methods I have came up with which will hopefully prevent this sort of attack. Here are three ways you can circumvent this little flaw in many online stores.
(more…)