Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
My task is to do some calculatons with data provided by our partner and to return back the result. So in more details: I get data from partner,then generate confirmation form for user, he checks out that everything is OK and confirms my form. Then i generate “transaction” id, and need to redirect to partner with this id. The question is: how to pass such id so neither user nor anybody else could affect this param?
It sounds like your problem can be solved simply by using something unguessable for the transaction id. You could do something like this in PHP:
md5(uniqid(rand(), true))Something identifying needs to be passed, and it sounds like this identifier is ultimately coming from the user (since they will be carrying it with them from one site to another.) They will always be able to tamper with it if they really want to. By passing something random, you ensure that all they can do by tampering is render it invalid.