Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share

I need to pass a few values using a POST method form to another payment processor site. Those values are something like tokens which are generated on my account, and I'm currently using a basic form with input type="hidden" on those values. Also, one variable is encrypted with sha1. But what I'm concerned about is the security of it, because the type="hidden" fields can be seen in the HTML. What is the correct way of doing this in this case, and generally what should I use? I'm fairly new to this, so any help would be appreciated.

Piece of code:

    <?php $digest = sha1($key . $order_number . $amount . $currency); ?>

    <input type="hidden" name="digest" value="<?php echo $digest; ?>">
    <input type="hidden" name="authenticity_token" value="123456">

1 Answer

If you want to protect transmitted data from prying eyes, then the answer is not to be found in PHP or HTML, but in the web server itself.

By default, data between the browser and the server is in plain text. Even binary data is encoded into plain text and decoded at the other end.

The only way to secure your transmission is to use HTTPS as your protocol.

This requires the following:

  • An HTTPS certificate. You can get them from various places, such as GeoTrust. You can also get them from many third parties such as GoDaddy or Name.com. If you can manage it, you can also get them for free using Let's Encrypt.
  • The certificate needs to be installed. If you are on a hosted server, you will need to organise this with them.
  • In your links and URLs, use https:// instead of the default http://.

The communication is encrypted between the server and the browser using a variable encoding method which makes interception mostly impractical and a waste of time. (No absolute guarantees, of course).

As regards the rest of your coding, just go ahead and do it normally. After the setup, encryption is automatic and transparent.


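As an added example (not part of the original question or answer, and not any payment processor's own code): the digest from the question is what lets a receiver detect edits to hidden fields, provided the key stays on the server and only the digest is written into the page. The helper names, the `PAYMENT_KEY` variable, the sample order and the placeholder key are assumptions made for this sketch, as is the premise that the receiving side recomputes the digest with the same key.

```php
<?php
declare(strict_types=1);

// Assumption: the key lives in server-side configuration and is never echoed
// into the page. The fallback is a constructed placeholder for this example.
$key = getenv('PAYMENT_KEY') ?: 'constructed-example-key';

// Same concatenation as the question's snippet: key . order_number . amount . currency
function order_digest(string $key, string $orderNumber, string $amount, string $currency): string
{
    return sha1($key . $orderNumber . $amount . $currency);
}

// Hypothetical helper: recompute the digest over the fields as received and
// compare in constant time. Only a party that holds the key can run this check.
function fields_match_digest(string $key, array $fields): bool
{
    foreach (['order_number', 'amount', 'currency', 'digest'] as $name) {
        if (!isset($fields[$name]) || !is_string($fields[$name])) {
            return false; // missing or non-string field, e.g. amount[]=1
        }
    }
    $expected = order_digest($key, $fields['order_number'], $fields['amount'], $fields['currency']);
    return hash_equals($expected, $fields['digest']);
}

// Constructed sample order. Build these values from the server's own order
// record, not from anything the browser sent earlier.
$order = ['order_number' => 'ORD-1001', 'amount' => '2500', 'currency' => 'EUR'];
$order['digest'] = order_digest($key, $order['order_number'], $order['amount'], $order['currency']);

// Render the hidden inputs with output escaping; the key itself is not among them.
foreach ($order as $name => $value) {
    printf(
        "<input type=\"hidden\" name=\"%s\" value=\"%s\">\n",
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

// Hidden fields are readable and editable in the browser, so the check has to
// fail when a field no longer matches the digest computed with the key.
$edited = $order;
$edited['amount'] = '1';
var_dump(fields_match_digest($key, $order));  // fields as rendered
var_dump(fields_match_digest($key, $edited)); // amount changed after rendering
```

The digest covers integrity of the listed fields only; confidentiality in transit still depends on serving and posting the form over HTTPS, as the answer describes.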