I'm trying to process a payment for a transaction. Currently I'm redirecting to a PayPal URL in a controller's method and passing in the variables in the URL. PayPal seems to convert this to secure it - https://www.sandbox.paypal.com/cgi-bin/webscr?cmd=_flow&SESSION=lUAK-18U7c_uxbs0wYsKTqcO7tDjb9M4O2A0hqd4gsKhEyhlC0xCxFabBL8&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b081983b975b35e10fe14fd9a7167ca5aec13b
Summary: User Form -> Controller Method -> Redirected to PayPal URL with variables
How secure is this? Can users access the URL I'm redirecting to before PayPal converts it to a secure format? Do I need to implement the encryption recommended on this Railscast - http://asciicasts.com/episodes/143-paypal-security
I'm thinking I need to, but would rather not if it's not needed.
Thanks!