dounaidu0204 2016-04-12 11:07

Protecting a download link after PayPal payment

I have a PayPal "buy now" button that has a return URL which redirects to a download page after payment.

The only thing is that the user can copy and paste the URL of the download page and share it, which is a disaster.

And they can come back to the download page, which I do not want unless they paid; so each time they are redirected to the download page, they must have first paid.

How can I secure the URL and check whether the user paid or not? If they paid, they can be redirected to the download page; otherwise they should not be redirected.

Thanks for your help in advance.

1 answer

  • douyuan6490 2016-04-12 14:30

    Don't rely on the user accessing a particular URL to validate the order; you'll open yourself to fraud. I outlined these attacks as an example in A Gentle Introduction to Application Security, and gave the only real solution:

    [S]erver-server API integration is the only real solution. Instead of relying on the user to click a URL (which is brittle even in a utopian world where no one acts maliciously), your checkout provider will tell your server which items were purchased and how much money was transmitted.

    The best way to get started is the PayPal API documentation.

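
One way to gate the download on a server-recorded payment rather than on the return URL, as an added example that is not part of the original answer and not PayPal's code. Assumptions: the order store, secret, limits and all function names are hypothetical, and the `verified` flag stands for the payment provider's own server-to-server notification check, which is not shown here.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: a random server-side secret in production
TOKEN_TTL = 600                   # seconds a download link stays valid
MAX_DOWNLOADS = 3                 # downloads allowed per paid order

# Constructed order store; a real site would use its database.
ORDERS = {"A1001": {"price": "9.99", "currency": "USD", "paid": False, "downloads": 0}}

def record_payment(order_id, amount, currency, verified):
    """Notification handler: 'verified' is the provider-side check result (assumed)."""
    order = ORDERS.get(order_id)
    if order is None or not verified:
        return False
    if (amount, currency) != (order["price"], order["currency"]):
        return False  # wrong amount or currency: do not unlock the download
    order["paid"] = True
    return True

def _sign(order_id, expires):
    msg = f"{order_id}:{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def issue_token(order_id, now=None):
    """Return an expiring token for a paid order, or None if the order is unpaid."""
    order = ORDERS.get(order_id)
    if order is None or not order["paid"]:
        return None
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    return f"{order_id}:{expires}:{_sign(order_id, expires)}"

def authorize_download(token, now=None):
    """Download endpoint check: signature, expiry, paid state and download quota."""
    try:
        order_id, expires, sig = token.split(":")
        expires = int(expires)
    except (AttributeError, ValueError):
        return False
    current = now if now is not None else time.time()
    good_sig = hmac.compare_digest(sig.encode(), _sign(order_id, expires).encode())
    if not good_sig or current > expires:
        return False
    order = ORDERS.get(order_id)
    if order is None or not order["paid"] or order["downloads"] >= MAX_DOWNLOADS:
        return False
    order["downloads"] += 1  # a shared link burns the buyer's own quota
    return True
```

The return URL then only displays a link built from `issue_token`; visiting it without a recorded payment yields nothing to download.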
