Paypal Checkout客户端集成对浏览器安全吗? [英] Is Paypal Checkout Client Integration safe for browser?

问题描述

我正在开发一个PHP应用程序，我想使用Paypal Checkout客户端集成作为我网站的付款方式.但是，集成需要将客户端ID"放入脚本中，该脚本将完全显示在浏览器的控制台上.可以将您的客户ID公开吗?

I'm developing a PHP app and I want to use Paypal Checkout Client Integration as a mode of payment for my website. However, the integration requires to put your "client ID" in the script which will totally be exposed on the browser's console. Is it ok to expose your client id to the public?

屏幕截图-实施

价格也包含在脚本中，如果人们会即时更改价格怎么办?

Also, the price is in the script as well, what if people will change the price on the fly?

对此有何建议?

推荐答案

客户端ID可以公开，而另一方面，绝不能将Client SECRET放在任何公开的地方，这只适合您.

Client ID is okay to be public, Client SECRET on the other hand must never be placed into anywhere public, that's just for you.

FrankerZ在评论中大多回答了这一点，之后发生的验证是重要的方面.

FrankerZ mostly answered this in the comments, the validation that occurs after is the important aspect.

将您的客户ID视为现实驾驶执照.如果有人窃取了您的许可证，但他们仍然无法将其用作进入俱乐部的ID，保镖会说显然不是您".

Consider your Client ID like your real life driving license. If someone steals your license they still can't use it as ID to get into a club, the bouncer will just say "That's obviously not you".

在类似的情况下，贝宝是保镖.您的客户ID是您的驾驶执照，您的客户机密是您的脸.

In the analogy above PayPal is the bouncer. Your client ID is your driving license and your client secret is your face.

这篇关于Paypal Checkout客户端集成对浏览器安全吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！