Protect request from client to server?

E

Emanue12017-07-28 14:53:52

Nginx

Emanue1, 2017-07-28 14:53:52

In an online store, when paying for goods, you must add information about the buyer to the database. Site in php. How to transfer information from the client to the server during a successful transaction so that this request cannot be replaced with a regular curl ??

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

Evgen, 2019-02-25
@VitaliyBorys

Check port 80
Kill the process that is occupying port 80

X

xmoonlight, 2017-07-28
@xmoonlight

No way.
All additional information is requested BEFORE making a transaction and then comes from the payment aggregator by direct connection to your server, where you parse this request and receive all the entered data.
If this option does not suit you, then only in 2 stages with the transfer of YOUR OWN IDENTIFYING CLIENT ID to the payment system aggregator during the transaction
: time/username, etc. + "our salt"), which we can generate ourselves, for example: UserPayment=hash(userid+salt).
2. After we carry out the transaction with the addition of the identifier field and check the response of the aggregator: if the payment is successful, then we find the required record in the database (we identify it) by the identifier and perform the necessary actions.