unicodeveloper / laravel-paystack

:credit_card: :package: :moneybag: Laravel 6, 7, 8, 9, 10 and 11 Package for Paystack
https://paystack.co
MIT License
605 stars 312 forks

Should not use this package? #37

Closed shirshak55 closed 4 years ago

shirshak55 commented 6 years ago

It seems that in the example you are writing the secret key inside the form HTML. Am I wrong? I think the secret key is only for the server, not for the user side, right?

kingflamez commented 6 years ago

The secret key is saved in your .env, not the HTML form.

shirshak55 commented 6 years ago

@kingflamez see the readme's last section; there it is written env("SECRET KEY") like that

shirshak55 commented 6 years ago

@kingflamez

See this in the readme:

<input type="hidden" name="key" value="{{ config('paystack.secretKey') }}"> {{-- required --}}

I guess it's a major security issue and should be patched soon.

derskeal commented 6 years ago

Uncomment that line. The payment still works without it.

Huxteen commented 5 years ago

> @kingflamez see the readme's last section; there it is written env("SECRET KEY") like that

Remove the input form field for secretKey and everything will still work fine.
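An added example, not code from the package or from anyone in this thread: a small Python check that scans a Blade template for `{{ }}` or `{!! !!}` echoes of secret-looking `config()`/`env()` values, such as the hidden `key` field quoted above, while ignoring anything inside Blade comments. The secret-name pattern, the function name and the sample template (apart from the quoted readme line) are assumptions constructed for illustration.

```python
import re

# Blade comments ({{-- ... --}}) are never rendered into the HTML response.
COMMENT_RE = re.compile(r"\{\{--.*?--\}\}", re.S)
# Blade echo forms: {{ ... }} (escaped) and {!! ... !!} (raw).
ECHO_RE = re.compile(r"\{\{(.*?)\}\}|\{!!(.*?)!!\}", re.S)
# config('some.key') or env('SOME_KEY') lookups inside an echo.
LOOKUP_RE = re.compile(r"\b(config|env)\(\s*(['\"])(.+?)\2")
# Assumption: key names containing these fragments hold server-side secrets.
SECRET_RE = re.compile(r"secret|password|private|token", re.I)

# Constructed sample; line 3 is the readme line quoted in this issue.
SAMPLE = """<form method="POST" action="/pay">
  <h1>{{ config('app.name') }}</h1>
  <input type="hidden" name="key" value="{{ config('paystack.secretKey') }}"> {{-- required --}}
  {{-- <input type="hidden" name="k2" value="{{ env('EXAMPLE_SECRET_KEY') }}"> --}}
  <input type="hidden" name="t" value="{!! env('API_TOKEN') !!}">
</form>
"""


def find_secret_echoes(template):
    """Return (line_number, lookup_key) for each secret-looking value echoed into HTML."""
    # Blank out comments but keep newlines so reported line numbers stay correct.
    visible = COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), template)
    findings = []
    for echo in ECHO_RE.finditer(visible):
        body = echo.group(1) or echo.group(2) or ""
        for lookup in LOOKUP_RE.finditer(body):
            key = lookup.group(3)
            if SECRET_RE.search(key):
                line = visible.count("\n", 0, echo.start()) + 1
                findings.append((line, key))
    return findings


if __name__ == "__main__":
    for line, key in find_secret_echoes(SAMPLE):
        print(f"line {line}: '{key}' is rendered into client-visible HTML")
```
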