You need to login in order to make a new post. If you do not have a community account, you can get one here.

Worried about ‘Secret Word’ thing? Someone clarify…

May 23rd, 2007, by: mesmerx

Hi,

I noticed this thing called "Secret Word". So I entered a word in
it. Will this have any side effects on the way I take orders? Or do I have to
add something extra in "Buy Now" 2CO buttons that I’ve placed on
some of my sites?

Many thanks.

Andre

Tagged With: , , ,
Posted in Vendors

4 comments »

RSS feed

4 Comments »

# Comment by cliff 2CO Staff
2007-05-23 14:48:36

The secret word is only used if you are using a third-party cart or custom script. Typically, you would create a secret word in your 2CO account and then use that same secret word in your shopping cart software. This would help your cart determine the authenticity of a sale.

The following articles provide more detailed information:

How do I use the MD5 Hash?

Where do I set up the Secret Word?

 
 
# Comment by bobs12
2007-05-24 11:02:20

I see how this works, but… wouldn’t it be just as easy (and more transparent) to compare the passed back values in their raw form? And doesn’t the demo=Y value get passed back too, so you could tell if someone had messed with the URL before making payment?

Also, it seems this method is impossible to test in demo mode… so without making a live sale you can’t test that a legitimate buyer will be able to download?

 
 
# Comment by ghappa
2007-05-24 14:13:05

As far as I remember, when I’ve made custom script for my site, I tested this feature in demo mode with no problem.

It is necessary to have such hashed/encoded value when 2CO sends back sale’s parameters, and that way the sale can not be faked by unauthorized intrusion. The hacker may know each and every variable 2CO sends, except for this value which is set by YOU.

 
 
# Comment by cliff 2CO Staff
2007-05-24 16:46:38

As described in the article linked above: “If the sale is in demo mode, the order number used to create the hash will be forced to a one, which will cause the hashes to be different when you compare them.” Your custom script could allow for this. Most third-party carts will not. The intended behavior is that demo mode will intentionally break the MD5 hash, so your cart knows it’s not a valid order that should be fulfilled.

 
 
You need to login before leaving a comment If you do not have an account, you can register one here.

Recent Activity:

simba on Get Payments
ricks on Referring URL
ricks on SPP suggestion
ricks on changing hosting and domain name
sfox on Create a new account for online university fees
ricks on customize 2co form
ricks on Getting started with fresh new 2CO vendor account
richon on Can Default Currency Be EURO???
craig on 2co API – Cancel recurring billing
craig on RESTful API
craig on Cancel recurring sale via api/http
craig on Developer support
craig on Does 2checkout has an API?
craig on No sales record in my 2CO vendor account.
craig on How to configure my new 2CO account?

Welcome to 2Checkout!

2Checkout is a full-service e-commerce solution recognized by Inc. Magazine as one of the fastest growing companies in the United States. 2CO’s proprietary technology supports back-office functions including financial reporting, tracking, fraud prevention, affiliate tracking, customer service and sales tracking. Click here to learn more.

Now a faster, easier way to get paid – the 2CO reloadable MasterCard®.

Spotlight Supplier

Spotlight Supplier

Feng Shui Products


Popular Tags