Paypal Checkout 客户端集成对于浏览器是否安全?
我正在开发一个 PHP 应用程序,我想使用 Paypal Checkout 客户端集成作为我网站的一种付款方式.但是,集成需要将您的客户端 ID"放在脚本中,该脚本将完全暴露在浏览器的控制台上.可以向公众公开您的客户 ID 吗?
I'm developing a PHP app and I want to use Paypal Checkout Client Integration as a mode of payment for my website. However, the integration requires to put your "client ID" in the script which will totally be exposed on the browser's console. Is it ok to expose your client id to the public?
截图-实现
此外,价格也在脚本中,如果人们会即时更改价格怎么办?
Also, the price is in the script as well, what if people will change the price on the fly?
对此有什么建议吗?
推荐答案
Client ID 是可以公开的,另一方面 Client SECRET 绝不能放在任何公开的地方,这只是给你的.
Client ID is okay to be public, Client SECRET on the other hand must never be placed into anywhere public, that's just for you.
FrankerZ 大多在评论中回答了这个问题,之后发生的验证是重要的方面.
FrankerZ mostly answered this in the comments, the validation that occurs after is the important aspect.
将您的客户 ID 视为您现实生活中的驾驶执照.如果有人偷了你的执照,他们仍然不能用它作为身份进入俱乐部,保镖只会说这显然不是你".
Consider your Client ID like your real life driving license. If someone steals your license they still can't use it as ID to get into a club, the bouncer will just say "That's obviously not you".
在上面的类比中,PayPal 是保镖.您的客户 ID 就是您的驾照,您的客户机密就是您的脸.
In the analogy above PayPal is the bouncer. Your client ID is your driving license and your client secret is your face.
相关文章