On Thu, May 17, 2007 at 09:45:18AM -0400, Kenneth Downs wrote:
> The last one left that I have is the sticky issue of a paypal IPN
> transaction coming in. I believe it applies generally to financial
> transactions. The user is sent by our application to the Paypal site.
> When they pay, paypal sends a POST with various information that we
> need. The user does not see this, it is behind the scenes. The POST
> request must run as an anonymous user because I have no state
> whatsoever. But the request must also commit financial data. This
> creates a vulnerability, at least in theory. There are fields contained
> in the transaction meant to allow confirmation and prevent fraud, but I
> just don't like that idea of running anonymously and committing
> financial data.
Just an additional comment to what others have said: have the incoming
connection from paypal just dump all the relevant data into an
unprivileged table and have it send a NOTIFY. Then have a completely
separate daemon, with the right privileges, do any necessary verification
and update the real data.

This at the very least gets you out of handling transient connection
failures, and seems more stable all round...

Hope this helps,
-- 
Martijn van Oosterhout <[EMAIL PROTECTED]>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to
> litigate.
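As an added illustration (not part of the thread, and not code from either poster), here is what the "dump into an unprivileged table, NOTIFY, verify from a separate daemon" layout looks like in PostgreSQL. The role, table, column and channel names are assumed for illustration, as are the sample values in the last statements.

```sql
-- Added example, not from the original thread. Role, table and channel
-- names (ipn_web, ipn_verifier, ipn_inbox, payments, ipn_received) are
-- assumptions chosen for illustration.

-- 1. Two roles: the web front end that receives PayPal's IPN POST, and
--    the verifier daemon that owns the real financial data. (Passwords
--    and connection settings omitted.)
CREATE ROLE ipn_web LOGIN;
CREATE ROLE ipn_verifier LOGIN;

-- 2. The unprivileged landing table: the raw POST body plus metadata.
--    The web request does nothing except insert one row here.
CREATE TABLE ipn_inbox (
    id           bigserial PRIMARY KEY,
    received_at  timestamptz NOT NULL DEFAULT now(),
    remote_addr  inet,
    raw_post     text NOT NULL,
    verified     boolean,        -- NULL until the daemon has decided
    processed_at timestamptz
);

-- The web role can only INSERT. It cannot read back, update or delete
-- inbox rows, and it gets no privileges at all on the real tables, so a
-- forged or replayed POST can at worst add a row that the daemon rejects.
REVOKE ALL ON ipn_inbox FROM PUBLIC;
GRANT INSERT ON ipn_inbox TO ipn_web;
GRANT USAGE ON SEQUENCE ipn_inbox_id_seq TO ipn_web;

-- 3. The real financial table. Only the verifier may touch it. The
--    primary key on txn_id makes a duplicate IPN for the same PayPal
--    transaction fail on insert instead of crediting the order twice.
CREATE TABLE payments (
    txn_id       text PRIMARY KEY,
    inbox_id     bigint NOT NULL REFERENCES ipn_inbox(id),
    payer_email  text NOT NULL,
    gross_amount numeric(12,2) NOT NULL,
    currency     text NOT NULL,
    recorded_at  timestamptz NOT NULL DEFAULT now()
);
REVOKE ALL ON payments FROM PUBLIC;
GRANT SELECT, INSERT, UPDATE ON payments TO ipn_verifier;
GRANT SELECT, UPDATE ON ipn_inbox TO ipn_verifier;

-- 4. Every insert wakes the daemon. A bare NOTIFY (no payload) works on
--    any PostgreSQL version; the daemon scans for unprocessed rows rather
--    than trusting the notification to carry the id, which also covers
--    rows that arrived while the daemon was down.
CREATE OR REPLACE FUNCTION ipn_inbox_notify() RETURNS trigger AS $$
BEGIN
    NOTIFY ipn_received;
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER ipn_inbox_notify_trg
    AFTER INSERT ON ipn_inbox
    FOR EACH ROW EXECUTE PROCEDURE ipn_inbox_notify();

-- 5. The daemon side, run as ipn_verifier. It LISTENs and, on each wakeup
--    and once at startup, claims unprocessed rows. The actual verification
--    (posting raw_post back to PayPal with cmd=_notify-validate and
--    requiring the VERIFIED answer, then checking receiver_email, mc_gross
--    and mc_currency against the local order) happens in the daemon's own
--    code between the SELECT and the INSERT.
LISTEN ipn_received;

BEGIN;
SELECT id, raw_post
  FROM ipn_inbox
 WHERE processed_at IS NULL
 ORDER BY id
   FOR UPDATE;          -- two daemon instances cannot process the same row

-- Constructed sample values: row 42 verified as a 19.99 USD payment.
INSERT INTO payments (txn_id, inbox_id, payer_email, gross_amount, currency)
VALUES ('4AB12345CD678901E', 42, 'buyer@example.com', 19.99, 'USD');

UPDATE ipn_inbox
   SET verified = true, processed_at = now()
 WHERE id = 42;
COMMIT;
-- A row that fails verification gets verified = false and processed_at
-- set, with no INSERT into payments, so it is never picked up again.
```

The point of the split is that the anonymous web request holds a role that can only append to the inbox; the credentials that can write financial data never exist in the web process, and the verifier decides on its own schedule, with retries, what actually gets committed.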