首页 \ 问答 \ 在Web应用程序之间传递ID(Passing IDs between web applications)

在Web应用程序之间传递ID(Passing IDs between web applications)

 我们有几个Web应用程序可以创建购物车，将其保存到数据库，然后重定向到集中式Web应用程序以处理和接受购物车的付款。 现在，我们使用GUID作为购物车ID，并将查询字符串中的GUID传递给支付应用程序。 我们正在使用GUID，以便用户无法轻易猜出其他用户的购物车ID，只需将该ID插入URL即可。  
 现在，在数据库中使用GUID不利于索引，并且在URL中使用GUID并不能真正阻止用户访问另一个购物车。 但是，使用传递整数会使它变得太容易。  
 将ID从各个应用程序传递到集中支付应用程序的最佳和最安全的方法是什么？  
 我知道有些人可能会说，“谁在乎别人是否愿意为别人的购物车买单？” 但是，在将ID传递给显示收据的页面时，我们也会遇到同样的问题，该页面包含客户的名称。 

We have several web applications that create a shopping cart, save it to a database, then redirect to a centralized web application to process and accept payment for the shopping cart. Right now, we are using GUIDs for the shopping cart IDs and passing those GUIDs in the querystring to the payment application. We are using GUIDs so that a user cannot easily guess the shopping cart ID of another user and simply plug that ID into the URL. 
Now, using GUIDs in the database is bad for indexing and using GUIDs in the URL does not truly prevent a user from accessing another cart. However, using passing integers around would make it too easy. 
What is the best and most secure way to pass the IDs from the individual applications to the centralized payment application?  
I know that some people may say, "Who cares if someone else wants to pay for someone else's shopping cart?" However, we have the same concern when passing IDs to the page that displays the receipt and that page includes the customer's name.

原文：https://stackoverflow.com/questions/3246361

更新时间：2021-01-19 08:01

最满意答案

 我建议你使用ng-if功能来隐藏用户永远不会看到的内容。  
 您的问题可以通过多种方式得到解答。 但我会尝试解释一个有用的可重用方法。  
<!-- From the html only call exact functions in your controller -->
<div ng-controller="TestController as vm">
    <button ng-if="vm.hasEditRights()">Editbutton</button>
    <button ng-if="vm.hasCreateRights()">Createbutton</button>
</div>
 
myApp.controller('TestController', ['$scope', 'UserService', 
    function($scope, UserService) {

    var vm = this;
    // The functions in the controllers define the actual rights for the functionality
    vm.hasEditRights = function() {
        // Check rights in the UserService with a list of roles that are allowed to this functionality. 
        // This way you can assign multiple roles to 1 functionality.
        // Implement the UserService.hasRole function to check the role of the logged in user 
        // (if the user role is available in the list of roles given than the function will return true)
        return UserService.hasRole([Role.PowerUser])
    };
    vm.hasCreateRights = function() {
        return UserService.hasRole([Role.PowerUser, Role.Basic])
    };
}]);
 
 编辑：添加了UserService.hasRole函数的示例  
var user; // represents the user object
xxx.hasRole = function(allowedRoles) {
    if (angular.isUndefined(allowedRoles)) {
        return false;
    }
    if (angular.isUndefined(user) || angular.isUndefined(user.role)) {
        return false;
    }
   return allowedRoles.indexOf(user.role) !== -1;
}

I would suggest u use the ng-if functionality for hiding content that a user never have to see. 
Your queston can be answered in many ways. But I will try to explain an usefull reusable method. 
<!-- From the html only call exact functions in your controller -->
<div ng-controller="TestController as vm">
    <button ng-if="vm.hasEditRights()">Editbutton</button>
    <button ng-if="vm.hasCreateRights()">Createbutton</button>
</div>
 
myApp.controller('TestController', ['$scope', 'UserService', 
    function($scope, UserService) {

    var vm = this;
    // The functions in the controllers define the actual rights for the functionality
    vm.hasEditRights = function() {
        // Check rights in the UserService with a list of roles that are allowed to this functionality. 
        // This way you can assign multiple roles to 1 functionality.
        // Implement the UserService.hasRole function to check the role of the logged in user 
        // (if the user role is available in the list of roles given than the function will return true)
        return UserService.hasRole([Role.PowerUser])
    };
    vm.hasCreateRights = function() {
        return UserService.hasRole([Role.PowerUser, Role.Basic])
    };
}]);
 
EDIT: Added example of the UserService.hasRole function 
var user; // represents the user object
xxx.hasRole = function(allowedRoles) {
    if (angular.isUndefined(allowedRoles)) {
        return false;
    }
    if (angular.isUndefined(user) || angular.isUndefined(user.role)) {
        return false;
    }
   return allowedRoles.indexOf(user.role) !== -1;
}

根据结果使用ng-show / ng-hide来显示消息或显示内容(Use ng-show/ng-hide based on results to display messages or show content)[2021-09-11]

这是一个jsBin，展示了我如何使用ng-show和ng-hide做到这一点基本上：

为什么在ng-show中使用ng-hide可以适用于这两种情况(why use ng-hide when ng-show can work for both situations)[2022-05-08] 我认为这个问题没有任何理由被贬低 - 这是一个有效的想法。但原因很简单。 AngularJS将“声明性”作为其核心理念之一。如果90％的时间你想要一个元素显示，但偶尔它应该被隐藏， ng-hide="thatcondition"清楚地表明它何时应该是hdiden。如果大多数时候它应该是HIDDEN，那么ng-show="thatrarecondition"更具可读性。清晰，可读的代码是任何框架中的重要原则，尤其是在AngularJS中。的! 运算符很窄且很容易被遗漏，远远超过任何其他比较，例如>, ... 基于范围值的ng-hide(ng-hide based on scope values)[2022-06-30] 使用if和else条件更新范围。 if($scope.user_admin1!=="superadmin") { alert("Not Superadmin"); $scope.visible =true; // return $scope.visible; }else{ $scope.visible =false; } 并更改HTML，如下所示。 city ... AngularJS ng-hide ng-show或ng-if基于数组项的活动状态(AngularJS ng-hide ng-show or ng-if based on active state of array items)[2022-02-23] 我更喜欢使用过滤器在HTML本身上做。你的ng-if / ng-show条件是ng-if="(menu \| filter : {active: true}).length == 0" 标记 Please add items 相关文章更多 Riak, haproxy, and client side applications Hibernate在Web应用程序中使用示例 Beware the Web Fads of Yesteryear Shiro整合到Web应用 JAVA WEB Gradle构建Java Web应用程序并在Tomcat上运行 Tomcat的部署web项目在web应用中如何对异常进行处理从Web到移动应用的设计思维转换微信Web APP应用最新问答更多您如何使用git diff文件，并将其应用于同一存储库的副本的本地分支？(How do you take a git diff file, and apply it to a local branch that is a copy of the same repository?) 将长浮点值剪切为2个小数点并复制到字符数组(Cut Long Float Value to 2 decimal points and copy to Character Array) OctoberCMS侧边栏不呈现(OctoberCMS Sidebar not rendering) 页面加载后对象是否有资格进行垃圾回收？(Are objects eligible for garbage collection after the page loads?) codeigniter中的语言不能按预期工作(language in codeigniter doesn' t work as expected) 在计算机拍照在哪里进入使用cin.get（）从c ++中的输入流中丢弃不需要的字符(Using cin.get() to discard unwanted characters from the input stream in c++) No for循环将在for循环中运行。(No for loop will run inside for loop. Testing for primes) 单页应用程序：页面重新加载(Single Page Application: page reload) 在循环中选择具有相似模式的列名称(Selecting Column Name With Similar Pattern in a Loop) System.StackOverflow错误(System.StackOverflow error) KnockoutJS未在嵌套模板上应用beforeRemove和afterAdd(KnockoutJS not applying beforeRemove and afterAdd on nested templates) 散列包括方法和/或嵌套属性(Hash include methods and/or nested attributes) android - 如何避免使用Samsung RFS文件系统延迟/冻结？(android - how to avoid lag/freezes with Samsung RFS filesystem?) TensorFlow：基于索引列表创建新张量(TensorFlow: Create a new tensor based on list of indices) 企业安全培训的各项内容错误：RPC失败;(error: RPC failed; curl transfer closed with outstanding read data remaining) C＃类名中允许哪些字符？(What characters are allowed in C# class name?) NumPy：将int64值存储在np.array中并使用dtype float64并将其转换回整数是否安全？(NumPy: Is it safe to store an int64 value in an np.array with dtype float64 and later convert it back to integer?) 注销后如何隐藏导航portlet？(How to hide navigation portlet after logout?) 将多个行和可变行移动到列(moving multiple and variable rows to columns) 提交表单时忽略基础href，而不使用Javascript(ignore base href when submitting form, without using Javascript) 对setOnInfoWindowClickListener的意图(Intent on setOnInfoWindowClickListener) Angular $资源不会改变方法(Angular $resource doesn't change method) 在Angular 5中不是一个函数(is not a function in Angular 5) 如何配置Composite C1以将.m和桌面作为同一站点提供服务(How to configure Composite C1 to serve .m and desktop as the same site) 不适用：悬停在悬停时：在元素之前[复制](Don't apply :hover when hovering on :before element [duplicate]) 常见的python rpc和cli接口(Common python rpc and cli interface) Mysql DB单个字段匹配多个其他字段(Mysql DB single field matching to multiple other fields) 产品页面上的Magento Up出售对齐问题(Magento Up sell alignment issue on the products page) Copyright ©2023 peixunduo.com All Rights Reserved.粤ICP备14003112号本站部分内容来源于互联网，仅供学习和参考使用，请莫用于商业用途。如有侵犯你的版权，请联系我们(neng862121861#163.com)，本站将尽快处理。谢谢合作！

在Web应用程序之间传递ID(Passing IDs between web applications)

最满意答案

相关问答

从firebase获取数据后，ng-show / ng-hide值没有变化？(ng-show/ng-hide value is not changing after getting the data from firebase?)[2022-08-23]

替代ng-show / -hide或如何仅加载DOM的相关部分(Alternative to ng-show/-hide or how to load only relevant section of DOM)[2022-10-07]

模型更新后，ng-hide / ng-show不起作用(ng-hide /ng-show do not work after the model is updated)[2022-12-30]

angular - ng-show在表单字段变为无效时不会删除ng-hide类(angular - ng-show wont remove the ng-hide class when form field becomes invalid)[2023-09-14]

基于用户角色的Ng-hide或ng-show(Ng-hide or ng-show based on user roles)[2022-05-07]

无法使用ng-hide＆ng-show来处理令牌(Can't get ng-hide & ng-show to work with tokens)[2021-12-24]

根据结果使用ng-show / ng-hide来显示消息或显示内容(Use ng-show/ng-hide based on results to display messages or show content)[2021-09-11]

为什么在ng-show中使用ng-hide可以适用于这两种情况(why use ng-hide when ng-show can work for both situations)[2022-05-08]

基于范围值的ng-hide(ng-hide based on scope values)[2022-06-30]

AngularJS ng-hide ng-show或ng-if基于数组项的活动状态(AngularJS ng-hide ng-show or ng-if based on active state of array items)[2022-02-23]

Please add items

相关文章

最新问答