On Thu, 17 May 2007 09:45:18 -0400
Kenneth Downs <ken@secdat.com> wrote:
> The last one left that I have is the sticky issue of a paypal IPN
> transaction coming in. I believe it applies generally to financial
> transactions. The user is sent by our application to the Paypal site.
> When they pay, paypal sends a POST with various information that we
> need. The user does not see this, it is behind the scenes. The POST
> request must run as an anonymous user because I have no state
> whatsoever. But the request must also commit financial data. This
> creates a vulnerability, at least in theory. There are fields contained
> in the transaction meant to allow confirmation and prevent fraud, but I
> just don't like that idea of running anonymously and committing
> financial data.
This really isn't postgresql, but anyways: The IPN has fraud detection
built into it, if you follow PayPal's instructions on this. Do
not just accept the IPN, you have to contact PayPal's site with
the info from the IPN so that they can verify it.
Second, it's not an "anonymous user", it's the user running the
webserver that received the IPN. You could set this webserver
up to run as a special user, say "paypalipn", and no-one else
can run as that user, then it's no longer anonymous, and you
can grant privileges as you see fit.
j