Securing paid file download
Posted: Mon Jul 06, 2009 4:10 am
Hi, as a newbie to PHP security, I'm wondering if the following solution to secure paid file download is watertight:
* create a session
* create a random number, e.g. with mt_rand() and keep it as a session variable
* on payment, pass this random number to the payment service provider and have it returned on payment completion.
* on download page, check if returned value matches random number stored in session variable.
If it does, enable file download.
Any suggestions welcome! Many thanks, Louis.
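The token round trip described in the post, sketched as an added example (not code from the original poster). It uses random_bytes() in place of mt_rand(), because mt_rand() is not a cryptographically secure generator, and adds a constant-time comparison, an expiry and single use. The function names, the `dl_token` session keys and the one-hour lifetime are hypothetical, and the sketch assumes the payment provider's completion message is authenticated by the provider's own mechanism, since a matching token only ties the return to this session.

```php
<?php
declare(strict_types=1);

// Added example. Pass $_SESSION (after session_start()) as $session in a real page;
// a plain array is used here so the script also runs from the command line.

/** Create the token that is sent to the payment provider with the order. */
function issue_download_token(array &$session): string
{
    // 32 bytes from the operating system CSPRNG, hex encoded for transport.
    $token = bin2hex(random_bytes(32));
    $session['dl_token'] = $token;
    $session['dl_token_issued'] = time();
    return $token;
}

/** Check the value the provider returned against the one kept in the session. */
function redeem_download_token(array &$session, string $returned, int $maxAge = 3600): bool
{
    $expected = $session['dl_token'] ?? null;
    $issued   = $session['dl_token_issued'] ?? 0;

    // Single use: the stored token is discarded on every attempt, so it can
    // neither be replayed after a download nor guessed at repeatedly.
    unset($session['dl_token'], $session['dl_token_issued']);

    if (!is_string($expected) || $expected === '') {
        return false; // no token was issued in this session
    }
    if (time() - (int) $issued > $maxAge) {
        return false; // token too old
    }
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $returned);
}

// Constructed demonstration with an in-memory session array.
$session = [];
$token = issue_download_token($session);
var_dump(redeem_download_token($session, $token)); // first redemption of the issued token
var_dump(redeem_download_token($session, $token)); // second attempt with the same token

$session = [];
issue_download_token($session);
var_dump(redeem_download_token($session, str_repeat('0', 64))); // attempt with a wrong value
```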