您如何验证到“无声发布" URL的通知确实是来自PayPal Payflow而不是黑客? [英] How do you verify that the notification to the Silent Post URL is indeed from PayPal Payflow and not a hacker?

问题描述

Payflow支持无声发布URL，该页面将在成功完成交易(付款，退款等)后通知您.可以通过PayPal管理器配置静默帖子URL.

Payflow supports a Silent Post URL, which is a page that will be notified upon completion of a successful transaction (payment, refund, etc...). The Silent Post URL can be configured via the PayPal manager.

大多数类似的支付系统都实现了回发"的概念，接收软件可以在其中回发结果，以确保交易信息是合法的而不是源自黑客. Payflow似乎不支持回发，并且Payflow Pro文档中没有提及任何其他方法来验证在无声发布" URL上接收到的交易数据.

Most similar payment systems implement the notion of a "post back" where the receiving software can post back the results to make sure that the transaction information is legitimate and not originating from a hacker. Payflow doesn't appear to support a post back and the Payflow Pro documentation doesn't mention any other way of verifying the transaction data received at the Silent Post URL.

推荐答案

所有有效的PayPal通知均源自173.0.81.65.只需忽略不是来自该IP的任何通知即可.

All valid PayPal notifications originate from 173.0.81.65. Simply ignore any notifications that don't come from this IP.

答案隐藏在PayPal知识库的深处: https: //ppmts.custhelp.com/app/answers/detail/a_id/445 .还可以在 https://上找到更多信息. ppmts.custhelp.com/app/answers/detail/a_id/883/kw/payflow%20ip%20地址

The answer is hidden away in the depths of the PayPal knowledge base: https://ppmts.custhelp.com/app/answers/detail/a_id/445. More information can also be found at https://ppmts.custhelp.com/app/answers/detail/a_id/883/kw/payflow%20ip%20address

这篇关于您如何验证到“无声发布" URL的通知确实是来自PayPal Payflow而不是黑客?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！