[sldev] RE: Re: Re: Patch to Address Debit Permission Spoofing
Jason Giglio
gigstaggart at gmail.com
Sat May 26 16:29:52 PDT 2007
Kele Kravelin wrote:
> Also keep in mind that with the changes to the quick pay button features
> the need for vendors to have debit permissions has decreased since you
> can force the user to only pay the correct amount (so unless you have
No, you can't. That's just a client-side hint. The agent can pay
whatever they want. If you trust SetPayPrice your object is very
vulnerable.
-Jason
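
The point made in the reply above, as an added example that is not part of the original post or of any code from the thread: a vendor script that treats llSetPayPrice only as a pay-dialog hint and enforces the price in the money() event, refunding mismatches. PRICE, ITEM and gCanRefund are hypothetical names chosen for illustration; the refund path assumes the owner grants PERMISSION_DEBIT.

```lsl
// Added example: enforce the price server-side in money().
// PRICE and ITEM are assumed values, not taken from the thread.
integer PRICE = 100;           // assumed price in L$
string  ITEM  = "Product";     // assumed name of an item in the object's inventory
integer gCanRefund = FALSE;    // TRUE once the owner has granted debit permission

default
{
    state_entry()
    {
        // Hint for the viewer's pay dialog only: hide the free-form field
        // and show a single quick-pay button. Nothing here is enforced.
        llSetPayPrice(PAY_HIDE, [PRICE, PAY_HIDE, PAY_HIDE, PAY_HIDE]);
        // Refunding a wrong amount needs debit permission from the owner.
        llRequestPermissions(llGetOwner(), PERMISSION_DEBIT);
    }

    run_time_permissions(integer perm)
    {
        gCanRefund = (perm & PERMISSION_DEBIT) != 0;
    }

    money(key payer, integer amount)
    {
        // Authoritative check: 'amount' is whatever the agent actually paid,
        // regardless of what the pay dialog offered.
        if (amount == PRICE)
        {
            llGiveInventory(payer, ITEM);
            return;
        }
        // Wrong amount: never deliver. Refund if permitted, otherwise
        // tell the owner so the payment can be returned by hand.
        if (gCanRefund)
        {
            llGiveMoney(payer, amount);
            llInstantMessage(payer, "Incorrect amount; your payment was refunded.");
        }
        else
        {
            llInstantMessage(llGetOwner(), "Unrefunded payment of L$"
                + (string)amount + " from " + (string)payer);
        }
    }
}
```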