问题描述
我正在使用标准的php paypal表单在我的电子商务应用程序上付款.
I'm using the standard php paypal form for payments on my e-commerce app.
我注意到只有萤火虫的人可以在通过立即付款"按钮发送付款请求之前更改Paypal表单数据.
I noticed that people with just firebug can change the paypal form data before sending the request for paying by the "PAY NOW" button.
所以我想知道,拥有可以由新手"/"修改的付款形式是标准"吗?/
So I'm wondering, is it a "standard" to have a payment's form that can be "edited" by a newbie :/ ?
我们可以做些什么来防止这种情况?
What we can do to prevent this?
推荐答案
这不是很大的安全风险,因为您应该检查实际支付的费用!任何人都可以将数据发布到任何东西.它与您的表单甚至Firebug无关.
This isn't a huge security risk, as you should be checking what was actually paid anyway! Anyone can post data to anything. It has little to do with your form, or even Firebug.
您可以将该按钮信息存储在PayPal的服务器上,但是无法动态生成.当您使用他们的向导为您创建按钮代码时,有一个选项.
You can store that button information on PayPal's server, but then it cannot be dynamically generated. There is an option for this when you use their wizard to create the button code for you.
这篇关于PHP-Paypal API表单和安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!