使用PayPal付款后，确保下载链接的安全 [英] Secure a download link after payment with PayPal

问题描述

我有一个PayPal立即购买"按钮，该按钮具有返回URL，该URL在付款后重定向到下载页面.

I have a PayPal "buy now" button that has a return URL which redirects to a download page after payment.

唯一的事情是用户可以复制并粘贴下载页面的URL并共享它-这是灾难性的事情-

Only thing is that the user can copy and paste the URL of the download page and share it -which is a disaster-

他们可以返回下载页面，除非他们付费，否则我不希望这样做.因此，每次将他们重定向到下载页面时，必须先付款.

And they can come back to the download page, which I do not want unless they paid; so each time they are redirected to the download page, the must have first paid.

如何保护URL并检查用户是否付款以及是否付款，可以重定向到下载页面，而不应该重定向.

How to secure the URL and check if user paid or not and if they paid they can be redirected to the download page other than that they should not be redirected.

谢谢您的帮助.

推荐答案

不要依靠用户访问特定的URL来验证订单，您将容易遭受欺诈.我在应用柔和介绍中概述了这些攻击作为示例.安全性，并给出了唯一的实际解决方案:

Don't rely on the user accessing a particular URL to validate the order, you'll open yourself to fraud. I outlined these attacks as an example in A Gentle Introduction to Application Security, and gave the only real solution:

[S]服务器服务器API集成是唯一真正的解决方案.结帐服务提供商不会依赖用户单击URL(即使在没有人恶意行为的乌托邦世界中也很脆弱)，您的结帐服务提供商会告诉您的服务器购买了哪些物品以及转移了多少钱.

[S]erver-server API integration is the only real solution. Instead of relying on the user to click a URL (which is brittle even in a utopian world where no one acts maliciously), your checkout provider will tell your server which items were purchased and how much money was transmitted.

最好的入门方法是 PayPal API文档

这篇关于使用PayPal付款后，确保下载链接的安全的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！