Andy McKay

Aug 14, 2012

Life in solitude


There are quite a few libraries to integrate PayPal with Django, including django-paypal and an example from PayPal. We needed a library to integrate with PayPal that uses pre-approval. Pre-approval means that payments can be made automatically, without any interaction. To use this, a token for the user is stored in the marketplace.

Therein lie some security issues. Tokens and PayPal credentials or keys are being stored on your server, perhaps in your database or settings files. Encryption of your database fields will help, but we can probably do more.

Solitude is a Django project to provide a REST interface to PayPal (and potentially other payment providers). It uses TastyPie to provide the API.

Currently the API is focused purely on what the Mozilla Marketplace needed, but it includes the ability to create buyers and sellers, store pre-approvals, do payments, do refunds and check account statuses. It also features a PayPal mock so that you can interact with solitude without having to interact with PayPal at all.

For example, to create a buyer account, then create a pre-approval (and then bounce to PayPal), and then save that token, you'd do:

Solitude stores the payments and transaction information, but knows absolutely nothing about the buyers and sellers. The calling application just passes IDs for those users. Key parts of the data, anything that might be personal or a security issue, are encrypted using MySQL AES encryption.

The primary goal here is defense in depth: solitude ensures that simple attacks such as SQL injections on the marketplace will fail to yield anything useful for payments. Not that we'll be invulnerable to attack; it will just be harder to get through to the next layer.
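An added illustration of the separation described above, not code from solitude: the table names, column names, key and token values are all assumptions constructed for this example, and it uses MySQL's AES_ENCRYPT and AES_DECRYPT functions.

```sql
-- Added illustration; table and column names are hypothetical, not solitude's schema.

-- Marketplace database: knows who the user is, holds only an opaque reference.
CREATE TABLE marketplace_user (
    id           INT AUTO_INCREMENT PRIMARY KEY,
    email        VARCHAR(255) NOT NULL,
    payment_uuid CHAR(36) NOT NULL UNIQUE
);

-- Payment-server database: knows the reference, nothing about who it belongs to.
CREATE TABLE payment_buyer (
    uuid            CHAR(36) PRIMARY KEY,
    preapproval_key VARBINARY(255) NOT NULL  -- AES ciphertext, never plaintext
);

-- @aes_key stands in for a key the payment server loads from its own
-- configuration; it is stored in neither database. Constructed value.
SET @aes_key = UNHEX(SHA2('constructed-example-passphrase', 256));

INSERT INTO marketplace_user (email, payment_uuid)
VALUES ('buyer@example.com', '00000000-0000-4000-8000-000000000001');

INSERT INTO payment_buyer (uuid, preapproval_key)
VALUES ('00000000-0000-4000-8000-000000000001',
        AES_ENCRYPT('PA-CONSTRUCTED-TOKEN', @aes_key));

-- What a SQL injection against the marketplace can read:
-- an e-mail address and an opaque UUID, no payment token.
SELECT email, payment_uuid FROM marketplace_user;

-- What a dump of the payment table yields without the key: ciphertext only.
SELECT uuid, HEX(preapproval_key) FROM payment_buyer;

-- What the payment server does itself, holding the key:
SELECT CAST(AES_DECRYPT(preapproval_key, @aes_key) AS CHAR) AS preapproval_key
FROM payment_buyer
WHERE uuid = '00000000-0000-4000-8000-000000000001';
```

MySQL's default `block_encryption_mode` is `aes-128-ecb`, and a key passed as a statement argument is sent to the server in cleartext unless the connection uses TLS and can appear in any query log the statement is written to.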

A longer-term goal is that solitude provides a payment server for all of Mozilla, not just the marketplace, should that be something we want to use. Solitude is currently in an early version and isn't yet rolled out to production, so take the code for what it's worth.