堆栈内存溢出
  简体   繁体   English

将信用卡信息存储到Paypal保险库中,并且还想使用Paypal Buttonsource

[英]store credit card info into paypal vault and also want to use paypal Buttonsource

 原文  2013-09-13 11:04:11       php/ security/ paypal

问题描述

I am saving credit card info to the paypal's vault by using REST API. 我正在使用REST API将信用卡信息保存到Paypal的保险库中。 It gives me a token by using it i can make process further. 它通过使用它给了我一个令牌,我可以进一步进行处理。 But the problem i have to use paypal's button [ButtonSource] that is tracking total sales via paypal. 但是问题是我必须使用通过Paypal跟踪总销售额的Paypal按钮[ButtonSource]。 So how can i use both ? 那我该怎么用?

one other thing by using token i am able to get all details of card that is saved. 通过使用令牌的另一件事,我能够获取所保存卡的所有详细信息。 In case if my code will be compromised then any one can steal my tokens saved in database and get the details. 如果我的代码被盗用,那么任何人都可以窃取我保存在数据库中的令牌并获取详细信息。 How can i make it secure ? 我该如何确保它安全?

Thanks 谢谢

1 个解决方案

解决方案1
 0  2013-09-18 18:46:15

Here is some feedback from PayPal on this one: 这是贝宝对此的一些反馈:

The Parameter ButtonSource is a parameter of our classic API's and is currently not supported with the REST API. Parameter ButtonSource是我们经典API的参数,REST API当前不支持该参数。 The Rest API's are still in early stages and we will see much more Features added over the next 12 months. Rest API仍处于早期阶段,我们将在未来12个月内看到更多功能。 So even the parameter might not be supported with REST now, it can be soon. 因此,即使现在REST可能不支持该参数,也可能很快。 However, with REST as of now, the merchant would need to use other parameters to track his payments. 但是,到目前为止,使用REST,商家将需要使用其他参数来跟踪其付款。

one other thing by using token i am able to get all details of card that is saved. 通过使用令牌的另一件事,我能够获取所保存卡的所有详细信息。 In case if my code will be compromised then any one can steal my tokens saved in database and get the details. 如果我的代码被盗用,那么任何人都可以窃取我保存在数据库中的令牌并获取详细信息。 How can i make it secure ? 我该如何确保它安全?

Technically, if the merchants System is hacked and his credentials + DB is exposed to a third party, they can lookup details using this API: 从技术上讲,如果商人系统被黑客入侵,并且其凭据+ DB暴露给第三方,则他们可以使用以下API查找详细信息:

https://developer.paypal.com/webapps/developer/docs/api/#look-up-a-stored-credit-card https://developer.paypal.com/webapps/developer/docs/api/#look-up-a-stored-credit-card

However, we won't return the full card number and the CVV is not stored on our end as well. 但是,我们不会返回完整的卡号,并且CVV也不会存储在我们的终端上。 So from that perspective the merchant is grand. 因此,从这个角度来看,商人是伟大的。 However, they need to make sure that their credentials are secured and not accessible for third parties. 但是,他们需要确保其凭据是安全的,并且第三方无法访问。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用存储在保险库 PHP 中的信用卡进行 PayPal 付款 - PayPal payment using credit card stored in vault PHP 贝宝接受信用卡 - Paypal Accept Credit Card 贝宝使用信用卡时出错 - Paypal using credit card error 支付宝付款失败 - Failure in credit card with paypal payment 贝宝信用卡付款安全吗? - Is paypal credit card payment secure? PayPal-PHP-SDK保管库存储和检索卡信息 - PayPal-PHP-SDK vault store and retrieve card information 使用 Paypal 的信用卡授权? - Credit card Authorization using Paypal? 如何在贝宝中自定义信用卡付款 - how to customize credit card payment in paypal 将付款退款至Paypal中的信用卡。 有可能吗 - Refund payment to a credit card in Paypal. Possible ? Paypal IPN [仅信用卡交易失败] - Paypal IPN [Only Credit Card Transaction Failed]
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM