3. Web security tips

Web security tips

So I think my step by step solution to this will be this; with each charge the device will verify with the server via a key and a device id, if keys match the server will generate a random token and store the token along with the device id in the db then send the token back to the device, device will then send a request to charge the card to the server with the key, token and device id, server matches the keys then looks up device id and confirms tokens match then sends charge request to stripe. Charge is completed, server generates another random token, stores it, and sends some simple data along with the token back to the device letting it know that it can proceed with uploading order data, device sends key, token and device id and is verified again then server sends data to corresponding db's.

Site urls will be scattered (subfolders), files and subfolders will be renamed something inconspicuous so they are harder to guess, each url will need to be accompanied by a predefined key or they will be redirected to the landing page which will simply be a single page with our company logo/name. Also, each time the supplier loads the orders page the system will check for duplicate orders, orders missing crucial data and orders with the same charge id/ other verifiable data.

That's about all I can think of that would secure the system. It's probably over kill and also redundant but I would like this thing to be super secure as this will be a starting point for most projects I will work on moving forward.

Comments/ critique welcomed.

/r/PHPhelp Thread
Previous
Next

Recently removed from /r/PHPhelp

Why ‘false’ == true is 1? How can I optimize this code? Is it possible to do 'SELECT FROM table WHERE "userinput from dropdown selection" = :id; Help using form field array results to conditionally echo some text I'm sorry to ask this, but how do I send an email using PHP? $_post not working? How to render views on custom MVC framework ? how to move navigation bar to top wordpress? Made change to slider in header, now entire site crashed. HELP! Bet System

More Random Comments

Women of Reddit, what was a scary situation you were in that turned out not to be scary at all? DHS watchdog finds widespread mistreatment of immigrants at ICE facility Weekly NoNewNormal Chat/Vent/Support Being “competitive” is toxic and shouldn’t be valued by society What do you think of Cheryl and Minerva? How do I ask out a bartender? Taking MDMA before seeing therapist Are dictionaries in all languages written the same way? I believe my targeted advance has been denied The four teleportation pads in the middle of Oribos should teleport you to the one next to the flight master when used. Free Talk Friday US couple arrested while trying to join ISIS in Yemen Evolution of psychosis. New Laptop Its VERY UNFAIR to bash the Charmed Ones for no longer wanting to do defend Mankind near the end! Since they're already exhausted (even suffering PTSD traits) from nonstop fights esp as they lose beloved people over the years! This is One Thing Kern did right that I think Constance was wrong in!