How In-App Purchasing is Secure
We’ve ensured that purchasing edition upgrades within Craft is as secure as possible. Here’s exactly what happens when you click ‘Purchase’:
Your Craft install takes everything passed to it in Step 2, as well as your license key, and passes it all off to our web service over SSL.
Our web service verifies that it was passed a valid Craft license, a valid edition ID, the correct price for the edition, and that the license isn’t already set to that edition (or a better one).
If everything checks out, our web service sends a request to Stripe over SSL to charge the credit card represented by the token for the amount of the edition.
If Stripe says that the charge was a success, the license is set to the edition.
Our web service responds to Craft with the result of the transaction, or any validation errors that may have occurred.
There is one known security vulnerability: If you are accessing Craft from a public web server, and you’re not going over SSL, there is the possibility that you could be susceptible to a “man-in-the-middle attack”, where a third party with control over the network could hijack your CP requests and alter their response’s contents, doctoring up a fake credit card form that doesn’t actually interact with Stripe in the manner described above. It’s unlikely, but worth mentioning.
To avoid the possibly of that happening, you can either make your edition purchases on a local web server where you have full control over the entire network between the client and the server, or just install SSL on your web server and create an .htaccess redirect that forces SSL on CP requests.