Re: Paypal and "going root" - Mailing list pgsql-general

From Dave Page
Subject Re: Paypal and "going root"
Msg-id 464C6781.4060006@postgresql.org
In response to Paypal and "going root"  (Kenneth Downs <ken@secdat.com>)
List pgsql-general

Kenneth Downs wrote:
> The last one left that I have is the sticky issue of a paypal IPN
> transaction coming in.  I believe it applies generally to financial
> transactions.  The user is sent by our application to the Paypal site.
> When they pay, paypal sends a POST with various information that we
> need.  The user does not see this, it is behind the scenes.  The POST
> request must run as an anonymous user because I have no state
> whatsoever.  But the request must also commit financial data.  This
> creates a vulnerability, at least in theory.  There are fields contained
> in the transaction meant to allow confirmation and prevent fraud, but I
> just don't like that idea of running anonymously and committing
> financial data.
>
> In this case it seems creating a stored procedure will not automatically
> help, as then we just execute the SP anonymously, and it strikes me as
> no different.
>
> Has anybody pondered this and come up with anything?
>

In response to the incoming IPN you can create a connection back to the
PayPal server to validate it. IIRC, you basically just send the entire
request back again and it returns 'VERIFIED'.

Only then do you act upon the IPN data (remember to double-check all the
prices etc., to catch any instance in which a user might have faked the
handover from your site to PayPal).

Regards, Dave.
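
Added example, not part of the original message: a sketch of the postback-then-recheck flow the reply describes, with the HTTP call injectable so it runs offline. The endpoint URL, the `cmd=_notify-validate` prefix and the IPN field names (`invoice`, `mc_gross`, `txn_id`, and so on) are assumptions taken from PayPal's IPN interface, not from the post; the order table and sample body are constructed, and the `txn_id` replay check goes one step beyond the price check the reply mentions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs
from urllib.request import Request, urlopen

# Assumption: PayPal's IPN postback endpoint and cmd prefix, not given in the post.
VERIFY_URL = "https://ipnpb.paypal.com/cgi-bin/webscr"
VERIFY_PREFIX = b"cmd=_notify-validate&"

def http_post(url, body):
    """Default transport: POST the bytes over TLS and return the reply text."""
    req = Request(url, data=body,
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=30) as resp:
        return resp.read().decode("ascii", "replace")

def process_ipn(raw_body, orders, seen_txns, post=http_post):
    """Return (accepted, reason); raw_body is the IPN POST body, byte for byte."""
    # 1. Echo the untouched body back; only the literal VERIFIED reply passes.
    if post(VERIFY_URL, VERIFY_PREFIX + raw_body).strip() != "VERIFIED":
        return False, "postback not VERIFIED"
    # 2. Trust the fields only now, and still compare them with our own records.
    f = {k: v[0] for k, v in parse_qs(raw_body.decode("utf-8", "replace")).items()}
    order = orders.get(f.get("invoice"))
    if order is None:
        return False, "unknown order"
    if f.get("payment_status") != "Completed":
        return False, "payment not completed"
    if f.get("receiver_email", "").lower() != order["receiver"].lower():
        return False, "paid to a different account"
    try:
        paid = Decimal(f.get("mc_gross", ""))
    except InvalidOperation:
        return False, "unparseable amount"
    if paid != order["amount"] or f.get("mc_currency") != order["currency"]:
        return False, "amount or currency mismatch"
    txn = f.get("txn_id")
    if not txn or txn in seen_txns:
        return False, "missing or replayed txn_id"
    seen_txns.add(txn)
    return True, "ok"

# Constructed sample data (hypothetical order table and IPN body).
ORDERS = {"INV-1001": {"amount": Decimal("49.99"), "currency": "USD",
                       "receiver": "sales@example.com"}}
SAMPLE_IPN = (b"invoice=INV-1001&payment_status=Completed&mc_gross=49.99"
              b"&mc_currency=USD&receiver_email=sales%40example.com&txn_id=TX123")

if __name__ == "__main__":
    fake_paypal = lambda url, body: "VERIFIED"   # stand-in so this runs offline
    print(process_ipn(SAMPLE_IPN, ORDERS, set(), post=fake_paypal))
```

In a real handler `seen_txns` and `orders` would be database tables, and the insert of the payment row would happen only on the accepted path.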
