防止 Paypal 欺骗
我有一个场景,我需要让用户通过 PayPal 结帐,然后一旦我们收到付款,我们就会在我们的会员网站中创建会员记录。当您提交表单按钮时,PayPal 需要一个“返回”字段,一旦订单成功处理,该按钮会将用户带回我们的页面。在该页面上,我们实际跟踪销售情况并触发大量 javascript 来跟踪销售情况。
所以我的问题是,我如何确保返回页面来自 PayPal 并且不会被系统中的用户欺骗。我知道有一种方法可以使用notify_url让PayPal发回我们的系统,但在这种情况下我必须运行一段javascript。有没有一种简单的方法可以做到这一点,或者我是否必须编写一些循环/超时函数来检查通知帖子是否已通过?
我使用 .net 向 paypal 进行过帐
I have a scenario where i need to have a user checkout through PayPal and then once we receive the payment then we create a membership record in our membership site. The PayPal requires a "return" field when you submit the form button that will take the user back to our page once the order has been successfully processed. On that page is where we actually track the sale and fire a chunk of javascript to track the sale.
So my question is this, how can i make sure that the return page comes from PayPal and is not spoofed by a user in the system. I know there is a way to use the notify_url to have PayPal post back to our system, but in this case i have to run a chunk of javascript. Is there an easy way to do this, or would i have to write some looping/timeout function that checks to see if the notify post has come through?
Im using .net to do the posting to paypal
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
您需要让 PayPal 在您的网站上调用脚本以防止欺骗。通过客户端/浏览器的任何内容都可供用户修改,因此只有直接从 PayPal 发送到您的服务器的内容才是安全的。
You need to have PayPal call a script on your site in order to prevent spoofing. Anything that goes through the client/browser is open to the user for modification, so only things that come directly to your server from PayPal are secure.