电商APP订单生成,如何安全保证安全性?
目前遇到一个问题,在做一个可以购买东西的一个电商APP,在关于订单生成的安全性上,想向有经验的朋友请教一下。
APP的流程是这样(没有购物车概念),在商品页面,直接点击购买,然后填写个人的相关信息,提交生成订单。我目前的想法是这样,APP在点击购买时候,来调用服务端,获取订单token,然后在提交订单的时候,将token带上。是否生成订单取决于表单中的token与服务端存储的token是否一致,另外在订单的url上进行oauth加密(服务端与APP端约定一个KEY,进行加密)。请大家发表一下各自的想法,集思广义。谢谢。
回复内容:
目前遇到一个问题,在做一个可以购买东西的一个电商APP,在关于订单生成的安全性上,想向有经验的朋友请教一下。
APP的流程是这样(没有购物车概念),在商品页面,直接点击购买,然后填写个人的相关信息,提交生成订单。我目前的想法是这样,APP在点击购买时候,来调用服务端,获取订单token,然后在提交订单的时候,将token带上。是否生成订单取决于表单中的token与服务端存储的token是否一致,另外在订单的url上进行oauth加密(服务端与APP端约定一个KEY,进行加密)。请大家发表一下各自的想法,集思广义。谢谢。
使用POST提交,有条件可以使用HTTPS。
总价一定要在服务端计算,检测分类,商品及相关字段是否存在,也可以使用对称加密将传输的数据进行加密。
先想清楚你要哪些安全
传输安全--https
内容正确--服务器端验证
不重复提交--在流程中加入token, 由服务器保证最多被使用一次
可以参考下微信支付的统一下单接口,里面有详细的订单创建流程,个人觉得很安全,订单创建前预先拿到 token,然后一起和参数加密后传递到服务端创建订单
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
Xiaomi Redmi Note 14 Pro Plus arrives as first Qualcomm Snapdragon 7s Gen 3 smartphone with Light Hunter 800 camera
Sep 27, 2024 am 06:23 AM
The Redmi Note 14 Pro Plus is now official as a direct successor to last year'sRedmi Note 13 Pro Plus(curr. $375 on Amazon). As expected, the Redmi Note 14 Pro Plus heads up the Redmi Note 14 series alongside theRedmi Note 14and Redmi Note 14 Pro. Li
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
Oppo Find X8 design looks like a cross between Apple iPhone 16 Pro and OnePlus Open in early images
Sep 28, 2024 am 06:04 AM
Historically, Oppo has refreshed its flagship 'Find X' series in late winter or early spring, save for the original Find X that it announced in June 2018. To that end, the Find X7 and Find X7 Ultra are barely more than six months old at this point. H
PHP Program to Count Vowels in a String
Feb 07, 2025 pm 12:12 PM
A string is a sequence of characters, including letters, numbers, and symbols. This tutorial will learn how to calculate the number of vowels in a given string in PHP using different methods. The vowels in English are a, e, i, o, u, and they can be uppercase or lowercase. What is a vowel? Vowels are alphabetic characters that represent a specific pronunciation. There are five vowels in English, including uppercase and lowercase: a, e, i, o, u Example 1 Input: String = "Tutorialspoint" Output: 6 explain The vowels in the string "Tutorialspoint" are u, o, i, a, o, i. There are 6 yuan in total
Samsung Galaxy Z Fold Special Edition revealed to land in late October as conflicting name emerges
Oct 01, 2024 am 06:21 AM
The launch of Samsung's long-awaited 'Special Edition' foldable has taken another twist. In recent weeks, rumours about the so-called Galaxy Z Fold Special Edition went rather quiet. Instead, the focus has shifted to the Galaxy S25 series, including
iQOO Z9 Turbo+ debuts as Dimensity 9300+ smartphone with \'off-the-charts\' battery life
Sep 26, 2024 am 06:20 AM
TheZ9 Turbo+has now been unleashed on Vivo's online Chinese store at 2,199 yuan (~$313) for a 12GB RAM/256GB internal storage base model, whereas theRedmiK70 Extreme Editionstarted at 2,599 yuan (~$370) with the same configuration: in fact, its newiQ
