Joined on 03-10-2007
TechSoup Member
If so, please ensure that it has been tested for security. I don't mean if it uses SSL or has authentication, I mean if somebody has tested it specifically for input validation attacks.
A frighteningly common vulnerability in this kind of software is for the "price" value to be sent as a POST form field value. Malicious users can use HTTP proxy tools (e.g. Paros) to modify that value and change the price of an item, bypassing any client-side JavaScript validation logic you have.
Ensure you are double-checking a donation value and also ensure that the value is not negative on the server side.
Cheers,
Rohit Sethi
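As an added illustration of the server-side checks described in this post (example code written for this page, not from the original thread or from any TechSoup product): a checkout total computed the vulnerable way, trusting the posted "price", beside a hardened version that looks prices up on the server and re-validates the donation amount. The item ids, prices and limits are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed server-side price list (assumption: the real app reads this from
# its database). The browser never gets to choose these numbers.
ITEM_PRICES = {"tshirt": Decimal("25.00"), "mug": Decimal("12.50")}
MAX_DONATION = Decimal("10000.00")
CENTS = Decimal("0.01")

def total_vulnerable(form):
    """'Before': trusts the 'price' field the browser posted. Anything that
    passed client-side JavaScript checks can still be rewritten in transit."""
    return Decimal(form["price"]) * int(form["qty"]) + Decimal(form["donation"])

def parse_amount(raw):
    """Strict money parser: finite, non-negative, bounded, at most 2 decimals."""
    try:
        value = Decimal(str(raw))
    except InvalidOperation:
        raise ValueError("amount is not a number")
    if not value.is_finite():
        raise ValueError("amount must be finite")
    if value < 0:
        raise ValueError("amount must not be negative")
    if value > MAX_DONATION:
        raise ValueError("amount exceeds maximum")
    if value != value.quantize(CENTS):
        raise ValueError("amount has more than two decimal places")
    return value

def total_hardened(form):
    """'After': price is looked up by item id on the server; a posted 'price'
    is ignored, and the donation is re-validated regardless of client checks."""
    item = form.get("item")
    if item not in ITEM_PRICES:
        raise ValueError("unknown item")
    qty = int(form.get("qty", "1"))  # non-numeric qty raises ValueError too
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    donation = parse_amount(form.get("donation", "0"))
    total = ITEM_PRICES[item] * qty + donation
    if total <= 0:
        raise ValueError("total must be positive")
    return total

def validate_order(form):
    """Returns (total, None) on success or (None, reason) for the handler to log."""
    try:
        return total_hardened(form), None
    except ValueError as exc:
        return None, str(exc)
```

Rejections are returned as reasons rather than raised so the request handler can log the tampering attempt (a negative or sub-cent amount is a strong signal of proxy manipulation) before answering with a generic error.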