在Web应用程序之间传递ID(Passing IDs between web applications)
我们有几个Web应用程序可以创建购物车,将其保存到数据库,然后重定向到集中式Web应用程序以处理和接受购物车的付款。 现在,我们使用GUID作为购物车ID,并将查询字符串中的GUID传递给支付应用程序。 我们正在使用GUID,以便用户无法轻易猜出其他用户的购物车ID,只需将该ID插入URL即可。
现在,在数据库中使用GUID不利于索引,并且在URL中使用GUID并不能真正阻止用户访问另一个购物车。 但是,使用传递整数会使它变得太容易。
将ID从各个应用程序传递到集中支付应用程序的最佳和最安全的方法是什么?
我知道有些人可能会说,“谁在乎别人是否愿意为别人的购物车买单?” 但是,在将ID传递给显示收据的页面时,我们也会遇到同样的问题,该页面包含客户的名称。
We have several web applications that create a shopping cart, save it to a database, then redirect to a centralized web application to process and accept payment for the shopping cart. Right now, we are using GUIDs for the shopping cart IDs and passing those GUIDs in the querystring to the payment application. We are using GUIDs so that a user cannot easily guess the shopping cart ID of another user and simply plug that ID into the URL.
Now, using GUIDs in the database is bad for indexing and using GUIDs in the URL does not truly prevent a user from accessing another cart. However, using passing integers around would make it too easy.
What is the best and most secure way to pass the IDs from the individual applications to the centralized payment application?
I know that some people may say, "Who cares if someone else wants to pay for someone else's shopping cart?" However, we have the same concern when passing IDs to the page that displays the receipt and that page includes the customer's name.
原文:https://stackoverflow.com/questions/3246361
最满意答案
我建议你使用
ng-if
功能来隐藏用户永远不会看到的内容。您的问题可以通过多种方式得到解答。 但我会尝试解释一个有用的可重用方法。
<!-- From the html only call exact functions in your controller --> <div ng-controller="TestController as vm"> <button ng-if="vm.hasEditRights()">Editbutton</button> <button ng-if="vm.hasCreateRights()">Createbutton</button> </div>
myApp.controller('TestController', ['$scope', 'UserService', function($scope, UserService) { var vm = this; // The functions in the controllers define the actual rights for the functionality vm.hasEditRights = function() { // Check rights in the UserService with a list of roles that are allowed to this functionality. // This way you can assign multiple roles to 1 functionality. // Implement the UserService.hasRole function to check the role of the logged in user // (if the user role is available in the list of roles given than the function will return true) return UserService.hasRole([Role.PowerUser]) }; vm.hasCreateRights = function() { return UserService.hasRole([Role.PowerUser, Role.Basic]) }; }]);
编辑:添加了UserService.hasRole函数的示例
var user; // represents the user object xxx.hasRole = function(allowedRoles) { if (angular.isUndefined(allowedRoles)) { return false; } if (angular.isUndefined(user) || angular.isUndefined(user.role)) { return false; } return allowedRoles.indexOf(user.role) !== -1; }
I would suggest u use the
ng-if
functionality for hiding content that a user never have to see.Your queston can be answered in many ways. But I will try to explain an usefull reusable method.
<!-- From the html only call exact functions in your controller --> <div ng-controller="TestController as vm"> <button ng-if="vm.hasEditRights()">Editbutton</button> <button ng-if="vm.hasCreateRights()">Createbutton</button> </div>
myApp.controller('TestController', ['$scope', 'UserService', function($scope, UserService) { var vm = this; // The functions in the controllers define the actual rights for the functionality vm.hasEditRights = function() { // Check rights in the UserService with a list of roles that are allowed to this functionality. // This way you can assign multiple roles to 1 functionality. // Implement the UserService.hasRole function to check the role of the logged in user // (if the user role is available in the list of roles given than the function will return true) return UserService.hasRole([Role.PowerUser]) }; vm.hasCreateRights = function() { return UserService.hasRole([Role.PowerUser, Role.Basic]) }; }]);
EDIT: Added example of the UserService.hasRole function
var user; // represents the user object xxx.hasRole = function(allowedRoles) { if (angular.isUndefined(allowedRoles)) { return false; } if (angular.isUndefined(user) || angular.isUndefined(user.role)) { return false; } return allowedRoles.indexOf(user.role) !== -1; }
相关问答
更多-
只需注意Angular所做的更改: console.log('Getting Data from fire base' + JSON.stringify($scope.user)); $scope.showDiv = false; $scope.user = $scope.Coupon; $scope.$apply(); Just notice Angular that a change has made: console.log('Getting Data from fir ...
-
替代ng-show / -hide或如何仅加载DOM的相关部分(Alternative to ng-show/-hide or how to load only relevant section of DOM)[2022-10-07]
为了避免“未编译内容的闪存”,请使用ng-bind而不是{{}}或使用ng-cloak : Hello, {{name}}! 如果您使用ng-cloak,并且您不将Angular.js加载到HTML的头部,则需要将其添加到CSS文件中,并确保它在页面顶部加载: [ng\:cloak], [ng-cloak], .ng-cloak { display: none; } 请注意,您只需要在初始页面上使用这些指令。 稍后提取的内容(例如 ... -
不要在ng-if中使用{{}}。 表达式无论如何都会执行:将您的表单名称name =“email-form”更改为name =“emailForm”。 在文档之后,您应该使用以下内容 : required not an email 与其他两个相同。 ...我建议你使用ng-if功能来隐藏用户永远不会看到的内容。 您的问题可以通过多种方式得到解答。 但我会尝试解释一个有用的可重用方法。