Paypal security changes - Jun 17

The PayPal security changes for June 17th have the potential to affect our PayPal tool. We would like to ensure that our site will not have issues with the new security changes.

Type: Discussion
Status: In Progress
dihakz
View Replies:
dihakz replied:
Email from PayPal:

To avoid service interruptions, please ensure that your systems are SHA-256 compatible by 17 June 2016.

At PayPal, security and safety are our top priorities and, as a result, we’re implementing a series of security upgrades throughout 2016 and 2017. To comply with industry standards, we need to move our endpoints to stronger encryption known as SHA-256 by 30 September 2016.
atfmaustin replied:
I am anxious to hear the developers' response to this. It is my guess that the SHA-256 issue does not apply to us because the form redirects to a secure PayPal.com form to collect the credit card information. I emphasize that this is just my guess and I, for one, would rest easier if we could get a more authoritative confirmation.
thebigideasman replied:
Could you please explain what is meant by this and what we need to check/do and from where?

Thank you
atfmaustin replied (1 attachment):
We received a similar notification to that described by dihakz, copy attached as a PDF file. As nearly as I understand it, PayPal are saying that transactions posted over an SSL connection must come from a server (e.g. our host server) with a certificate supporting the SHA-256 encryption standard. It is confusing to me and I might have that wrong. It seems to me that since the add-on redirects to a PayPal.com form to collect the information, that should not apply. But I may be ignorant on that point.

The PayPal notice refers to this url for "more details":
https://www.paypal-knowledge.com/infocenter/index?page=content&w...
dihakz replied:
This is making me nervous. I'd really like to see the developer's response!

concrete5 Environment Information

# concrete5 Version
5.5.0

# concrete5 Packages
Amiant CSS3 Menu (0.1), Document Library (1.6.4), eCommerce (2.7.1), Forms With PayPal Payment (2.0.2), ProEvents (5.6.9).

# concrete5 Overrides
blocks/slideshow, blocks/content, blocks/autonav, blocks/amiant_css3_menu, blocks/search, blocks/form, elements/footer_required.php, elements/collection_delete.php, elements/header_required.php, elements/page_controls_header.php, elements/collection_delete_external.php, js/!!ccm.app.js, js/ccm_app, themes/dashboard, themes/invision, tools/edit_collection_popup.php, tools/!!!edit_collection_popup.php

# Server Software
Apache

# Server API
cgi-fcgi

# PHP Version
5.4.45

# PHP Extensions
bcmath, bz2, calendar, cgi-fcgi, Core, ctype, curl, date, dom, ereg, exif, fileinfo, filter, ftp, gd, gettext, gmp, hash, iconv, imagick, imap, intl, ionCube Loader, json, libxml, mbstring, mcrypt, mhash, mssql, mysql, mysqli, odbc, openssl, pcre, PDO, pdo_mysql, pdo_sqlite, Phar, posix, pspell, Reflection, session, SimpleXML, soap, sockets, SourceGuardian, SPL, sqlite3, standard, tidy, tokenizer, wddx, xml, xmlreader, xmlrpc, xmlwriter, xsl, Zend Guard Loader, zip, zlib.

# PHP Settings
log_errors_max_len - 1024
max_execution_time - 5
max_file_uploads - 20
max_input_nesting_level - 64
max_input_time - 60
max_input_vars - 1000
memory_limit - 256M
post_max_size - 64M
sql.safe_mode - Off
upload_max_filesize - 64M
mssql.max_links - Unlimited
mssql.max_persistent - Unlimited
mssql.max_procs - Unlimited
mssql.textlimit - Server default
mysql.max_links - Unlimited
mysql.max_persistent - Unlimited
mysqli.max_links - Unlimited
mysqli.max_persistent - Unlimited
odbc.max_links - Unlimited
odbc.max_persistent - Unlimited
pcre.backtrack_limit - 1000000
pcre.recursion_limit - 100000
session.cache_limiter - nocache
session.gc_maxlifetime - 7200
soap.wsdl_cache_limit - 5

Browser User-Agent String

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17
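
The PayPal notice quoted in this thread asks that systems be "SHA-256 compatible". As an added example (not from PayPal, the add-on's developer, or any poster here), the script below tests one reading of that on a host: whether the local `openssl` command-line build can create and verify a certificate chain signed with SHA-256. The CA name, the `test.example` host name and both function names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example. Every name here (test CA, test.example) is constructed.

# Print the signature algorithm of a PEM certificate file.
sig_alg() {
  openssl x509 -in "$1" -noout -text |
    awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Build a throwaway SHA-256-signed CA and leaf, then verify the chain with the
# local OpenSSL. Prints the leaf's signature algorithm and returns 0 on success.
sha256_chain_check() {
  local dir alg rc=1
  dir=$(mktemp -d) || return 2
  if openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
       -subj "/CN=Constructed Test CA" \
       -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null &&
     openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test.example" \
       -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null &&
     openssl x509 -req -sha256 -days 1 -in "$dir/leaf.csr" \
       -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
       -out "$dir/leaf.pem" 2>/dev/null &&
     openssl verify -CAfile "$dir/ca.pem" "$dir/leaf.pem" >/dev/null 2>&1
  then
    alg=$(sig_alg "$dir/leaf.pem")
    case "$alg" in
      sha256With*) echo "$alg"; rc=0 ;;   # only report success for SHA-256
    esac
  fi
  rm -rf "$dir"
  return "$rc"
}
```

Source the file and run `sha256_chain_check`. A pass covers only the OpenSSL build behind the command-line tool; the curl and openssl extensions listed under PHP Extensions above may be linked against a different library version.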
