Hello guys please how long does it take to set up paystack, it actually my first time adding it to a website. So i need your advice please.

femmix112:
Hello guys please how long does it take to set up paystack, it actually my first time adding it to a website. So i need your advice please.

It takes minutes

devdev:

It takes minutes

Ok thanks

femmix112:
Hello guys please how long does it take to set up paystack, it actually my first time adding it to a website. So i need your advice please.

Check their documentation page but please be careful of form injection when making implementing your payment

femmix112:
Hello guys please how long does it take to set up paystack, it actually my first time adding it to a website. So i need your advice please.

Hey buddy, if you need help with Paystack integration, see this thread here https://www.nairaland.com/6283638/ews-technical-support-services-fix

Or reach us via our signature below.

stanliwise:

Check their documentation page but please be careful of form injection when making implementing your payment

Do people still bother about injection and other forms of xss these days? frameworks have reduced that to the barest minumum,
while the introduction of split micoservices killed it finally .... unless of course, the programmer is still using archaic patterns .. healthy discuss needed.

cixak95211:


Do people still bother about injection and other forms of xss these days? frameworks have reduced that to the barest minumum,
while the introduction of split micoservices killed it finally .... unless of course, the programmer is still using archaic patterns .. healthy discuss needed.

I don’t think you understand the danger of form injection. This is different from SQL injection. It means manipulating the form details before it is being sent over the network. For example you could place $50 for an item and a hacker would edit the form and transform it to $20. If your app don’t compare price before/after payment then this same hacker could buy so much goods especially virtual ones for as large as $100k for just about $10k

stanliwise:

I don’t think you understand the danger of form injection. This is different from SQL injection. It means manipulating the form details before it is being sent over the network. For example you could place $50 for an item and a hacker would edit the form and transform it to $20. If your app don’t compare price before/after payment then this same hacker could buy so much goods especially virtual ones for as large as $100k for just about $10k

Exactly what I just posted above. when i mentioned split microservices. Even going by the documentation on all payment processors , paypal, flutterwave, stripe etc, they explicitly ask you never to provide value until payment is confirmed from your server. This means, you gotta have a server that confirms the payment using your secret api keys and only use the public keys to create the transaction. So if the hacker likes, let him modify the payment request to a million pounds, it will fail verification instantly.
Plus i mentioned ONLY and if ONLY the programmer is using archaic patterns.
The moment financials are involved, then you must have a server, and it doesnt have to be full blown, even a simple cloud function will suffice
The problem is having to create and, perhaps, verify transactions from the front, which itself is a security flaw