如何安全地制作表格 [英] How to make a Form Post Securely
问题描述
您好,
我需要一些指示,说明我如何能够在PayPal网站上创建一个安全的表单帖子,以便客户完成交易。在过去的4天里,我一直在谷歌关于表格后安全和PayPal集成的文章(这个网站有很多好的PayPal文章),但我不了解大局。我在连接点时有点断开连接。以下是我的一些担忧,不知道如何克服它们。
1.如何确保交易是在卖方网站上发起的?通过复制表格帖子并对表格发布进行调整即将价格减少到负值并购买产品,这不是在本地机器上?
2.服务器端是否可以通过客户端处理表单帖子,提供他们想要的产品ID,并让服务器将其发送到PayPal站点,其中包含有关产品的所有信息,即产品描述,价格,数量等?也许是通过Ajax调用?
目前,我可以浏览开发人员工具(F12)并修改我的表单值,PayPal正在接受修改后的值。我不想要这个。创建安全表单帖子需要做什么?
有人能指出我正确的方向吗?如果您需要我澄清任何事情,请告诉我。在此先感谢。
Hello,
I need some instruction on how I may be able to create a secure form post to a PayPal site to allow a customer to complete their transaction. For the past 4 days I have been Google'ing articles on form post security and PayPal integration (this site has many good PayPal articles), but I am not understanding the big picture. I am having a bit of a disconnect in connecting the dots. Here are a couple of concerns I have and don't know how to overcome them.
1. How do I ensure that the transaction was initiated on the seller's site? Such that it was not on a person's local machine by copying the form post and making adjustments to the form post i.e. decrease price amount to a negative value and purchase the product?
2. Is there a way that the server side can handle the form post by the client giving an id of the product they want and have the server send them to a PayPal site with all the information about the product i.e. product description, price, quantity, etc? Maybe by an Ajax call?
Currently, I am able to go through the developer tools (F12) and modify my form values and PayPal is accepting the modified values. I don't want this. What do I need to do to create a secure form post?
Can someone point me in the proper direction? If you need me to clarify anything just let me know. Thanks in advance.
推荐答案
我一提交这个问题就遇到了这篇文章。我认为最好的办法是避免在表单帖子中使用所有信息并使用PayPal API: https://devtools-paypal.com/guide/expresscheckout?interactive=ON&env=sandbox [ ^ ]
这将允许服务器填写有关产品的信息并将用户重定向到PayPal。
我认为这就是我想要做的。去试试吧。希望这会阻止客户修改产品的价格数量。
As soon as I submitted this question I came across this article. I think the best bet is to avoid having all the info in a form post and utilize the PayPal API: https://devtools-paypal.com/guide/expresscheckout?interactive=ON&env=sandbox[^]
This will allow the server to fill in the information about the product and redirect the user to PayPal.
I think this is what I want to do. Going to test it out. Hopefully, this will prevent the client from modifying the price amount of the product.
这篇关于如何安全地制作表格的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
