Quote:
Originally posted by magua
If this isn't happening over SSL, nothing stops anyone from monitoring the web traffic between the user and the server, or the server and Paypal, and snagging all of that credit card information.
|
Your site presents the form without SSL. The HTML form is coded to post to PayPal using THEIR SSL server. Which means you can run it on any el-cheapo server. SSL isn't required on your end, yet all user data is transmitted
to PayPal via SSL.