JosiahMaybe
Gold Coder
So I may have worked out a secure way to sell except that in like my site hackers may be able to bypass like my selling logic. I would do custom country check in Javascript using navigator.geolocation, prefill paddle.com checkout with Javascript. paddle.com checkout starts in Javascript and after that there is paddle.com and then there is a web hook to a PHP script upon purchase. I plan for prefill country, region, and email and having custom_data hold email and a customer generated password so like my end PHP script can use both of those. Like my problem is that Javascript in console can be run and possibly make a purchase without like my code prefilling so custom country check not happened.
I prefer having that custom country check because places like Greenland and others have it like I am not copyright protected. It is harder to fake country when you must be in it to purchase. I have heard that there may be a way to restrict scripts being run on a web site. Is that true and if so, how? paddle.com checkout opens from Javascript. I can probably write most of like my code to be disappearing but what good would that do? I can close checkout once it opens and some things are near impossible to remove, like a listener in paddle.com checkout from starting it or setInterval code. If I could at least make this semi-secure would be good. It would be paddle.js and its checkout procedures I would be using.
Like my plan currently is have a setInterval code that does both custom country check and paddle.com checkout opening or if not checked adequately, close checkout, and also have that paddle callback thing only allow opening if all is prefilled and correct. In this way I think I can be mostly secure about this, but do I need that and can I just like ban console usage? This is like my one possible flaw in like my selling plan but I seem to have nearly fixed it already. I still would prefer a review or a better option possible maybe.
Assume I have complete within reason control over like my web site and running environment but I may use a shared hosting for cost. X E.
I prefer having that custom country check because places like Greenland and others have it like I am not copyright protected. It is harder to fake country when you must be in it to purchase. I have heard that there may be a way to restrict scripts being run on a web site. Is that true and if so, how? paddle.com checkout opens from Javascript. I can probably write most of like my code to be disappearing but what good would that do? I can close checkout once it opens and some things are near impossible to remove, like a listener in paddle.com checkout from starting it or setInterval code. If I could at least make this semi-secure would be good. It would be paddle.js and its checkout procedures I would be using.
Like my plan currently is have a setInterval code that does both custom country check and paddle.com checkout opening or if not checked adequately, close checkout, and also have that paddle callback thing only allow opening if all is prefilled and correct. In this way I think I can be mostly secure about this, but do I need that and can I just like ban console usage? This is like my one possible flaw in like my selling plan but I seem to have nearly fixed it already. I still would prefer a review or a better option possible maybe.
Assume I have complete within reason control over like my web site and running environment but I may use a shared hosting for cost. X E.