Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
K
K
Kekoc2016-02-05 11:59:38
Yii
Kekoc, 2016-02-05 11:59:38

How to properly organize the internal balance of users?

Hello.
It is necessary to implement a service similar to an auction.
For the convenience of making monetary transactions, it is necessary to implement the balance of users within the system (so that you do not have to credit money every time through services like Robokassa), for this, users will replenish their account on third-party services.
There is an action plan, the implementation is quite clear and transparent, and this is alarming.
What are the concerns:

  1. In fact, the balance within the system is the same money (dangerous! :)). What if someone drops the base (yes, it happened :( ), or they find a vulnerability and use it to manipulate the balance. will pay close attention.
  2. Also, the service will use Websocket to update product information, etc. I have not thought about the detailed implementation yet, but I think I will master it. I would also like to hear what problems there may be, especially with security, with this technology.

Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
D
Dmitry Donkovtsev, 2016-02-05
@Demetriy

1) As they wrote in the first comment: do operations in transactions, keep transaction logs. 2
) Double entry ( https: //ru.wikipedia.org/wiki/%D0%94%D0%B2%D0%BE%D ...
) Money systems (Paypal, etc.) have different ways of telling your site that the user has actually paid the bill, so you should never use the system when the confirmation is a redirect of the user to your site page with the transaction hash. Your site should send a request to verify the operation regardless of the user.
4) Keeping logs of user actions (when you see that according to the logs, the user replenished the balance for a total of 2000 rubles 5 times, and 400 rubles came to your real account, then this is a reason to sound the alarm).
5) Backups

Report
A
Andrey, 2016-02-05
@VladimirAndreev

all operations with the balance are carried out using transactions with the transaction log enabled, so it will be possible to restore balances in the event of a drop.

Report
A
Anton Natarov, 2016-02-05
@HanDroid

There was one pitfall. The person had a large transaction, but the save(false) validation was disabled in a certain place. Since there was no validation, the user could come in and make a double request. Sending money while keeping it. Unfortunately I can not find this topic on the toaster. This was solved with a more rigid data wrapper. But I don't remember which method I used.

Similar questions
S
shaivam2015-06-12 15:18:38
What are the requirements for software and network for working with state secrets? 5Reply
N
Niko True2015-06-16 19:00:28
How to make an sms gateway? 4Reply
D
Dmitry2019-03-10 15:30:26
Yii2. Why doesn't TagDependency::invalidate() work? 0Reply
L
leni_m2019-03-12 16:43:58
Why doesn't CNC work in Yii2? 1Reply
R
Rafail Dunyashev2016-10-12 16:36:59
How to set up a delay in accepting repeated data from a form? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question