Answer the question
In order to leave comments, you need to log in
How to properly organize the internal balance of users?
Hello.
It is necessary to implement a service similar to an auction.
For the convenience of making monetary transactions, it is necessary to implement the balance of users within the system (so that you do not have to credit money every time through services like Robokassa), for this, users will replenish their account on third-party services.
There is an action plan, the implementation is quite clear and transparent, and this is alarming.
What are the concerns:
Answer the question
In order to leave comments, you need to log in
1) As they wrote in the first comment: do operations in transactions, keep transaction logs.
2
) Double entry ( https: //ru.wikipedia.org/wiki/%D0%94%D0%B2%D0%BE%D ...
) Money systems (Paypal, etc.) have different ways of telling your site that the user has actually paid the bill, so you should never use the system when the confirmation is a redirect of the user to your site page with the transaction hash. Your site should send a request to verify the operation regardless of the user.
4) Keeping logs of user actions (when you see that according to the logs, the user replenished the balance for a total of 2000 rubles 5 times, and 400 rubles came to your real account, then this is a reason to sound the alarm).
5) Backups
all operations with the balance are carried out using transactions with the transaction log enabled, so it will be possible to restore balances in the event of a drop.
There was one pitfall. The person had a large transaction, but the save(false) validation was disabled in a certain place. Since there was no validation, the user could come in and make a double request. Sending money while keeping it. Unfortunately I can not find this topic on the toaster. This was solved with a more rigid data wrapper. But I don't remember which method I used.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question