I need to pass a few values using POST method form to another payment processor site. Those values are something like tokens which are generated on my account, and I'm currently using basic form with input type="hidden" on those values. And also one variable is encrypted with sha1. But what I'm concerned is the security of it, because the type="hidden", can be seen in HTML. What is the correct way of doing this in this case and generally what should I use? I'm farely new to this, so any help would be appreciated.
Piece of code:
<?php $digest = SHA1($key . $order_number . $amount . $currency); ?>
<input type="hidden" name="digest" value="<?php echo $digest; ?>">
<input type="hidden" name="authenticity_token" value="123456">
See Question&Answers more detail:os