
Comments (8)

Tai7sy commented on August 11, 2024

Is the order information on the unpaid orders identical to that of the orders placed earlier?

from card-system.

zhouzhili commented on August 11, 2024

Yes, the contact details the user entered are all the same, and the orders show as unpaid.


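zhouzhili commented on August 11, 2024

This is the paid order:
[image]

This is the unpaid order (the payment time shown is taken from the creation time; I changed that myself):
[image]

The contact details 180 and 124 in the middle are unpaid orders from my own testing. I created the order only once, but 14 minutes later two unpaid orders appear at almost the same time.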


Tai7sy commented on August 11, 2024

Take a look at the IPs the orders were placed from. You may be the victim of a replay attack.


zhouzhili commented on August 11, 2024

Take a look at the IPs the orders were placed from. You may be the victim of a replay attack.

Boss, where can I see the IP an order was placed from?


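zhouzhili commented on August 11, 2024

Ugh, I had it set to automatically clear unpaid orders older than one day, so I can only see 2 records now; none of the earlier ones are left. Could you take a look at these IPs? And how do I defend against a replay attack?
[image]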


Tai7sy commented on August 11, 2024

Prefixes like 220.196.160 are probably scanners, carrying out a replay attack.
I suggest enabling the CAPTCHA for placing orders.


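imPrk0 commented on August 11, 2024

The reason for suspecting a replay attack is that, apart from the IP address, the data in these orders is almost identical: the same order data is being used to send repeated requests.
Generally speaking, orders that show up as unpaid usually do not pose much of a security threat (security issue).

To be rigorous, I set up an environment at 2023-06-26T07:25:36.072Z using the latest code (assuming your payment driver and program are the latest from GitHub) and tested with Alipay Face-to-Face Pay (f2f) and Alipay Enterprise PC separately. I did not find the problem described above.

The test cases were:

  • After paying, no unpaid order appeared
  • Without paying, likewise no extra order appeared

This confirms that the code does not have the problem in question.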

from card-system.
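
The check described in the comment above (orders whose data matches except for the IP address), as an added example that is not part of the thread or of card-system's code. The field names and the sample rows are assumptions constructed for illustration, not card-system's schema.

```python
import hashlib
import json
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample rows; field names are hypothetical, not card-system's schema.
# IP addresses come from the RFC 5737 documentation ranges.
ORDERS = [
    {"id": 1, "product_id": 7, "count": 1, "contact": "180xxxx0001", "ip": "198.51.100.23", "paid": True},
    {"id": 2, "product_id": 7, "count": 1, "contact": "180xxxx0001", "ip": "203.0.113.5", "paid": False},
    {"id": 3, "product_id": 7, "count": 1, "contact": "180xxxx0001", "ip": "203.0.113.9", "paid": False},
    {"id": 4, "product_id": 9, "count": 2, "contact": "124xxxx0002", "ip": "198.51.100.40", "paid": False},
]

# Fields that legitimately differ between an original request and a replayed copy.
IGNORED = {"id", "ip", "paid"}


def fingerprint(order):
    """Hash every submitted field except the ones in IGNORED."""
    body = {k: v for k, v in order.items() if k not in IGNORED}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def find_replayed_orders(orders):
    """Return groups of orders that share a payload but arrived from more than one IP."""
    groups = defaultdict(list)
    for order in orders:
        groups[fingerprint(order)].append(order)

    suspicious = []
    for members in groups.values():
        ips = {o["ip"] for o in members}
        unpaid = [o["id"] for o in members if not o["paid"]]
        # Same payload, several source IPs, at least one unpaid copy.
        if len(members) > 1 and len(ips) > 1 and unpaid:
            prefixes = sorted({str(ip_network(f"{ip}/24", strict=False)) for ip in ips})
            suspicious.append({"unpaid_ids": unpaid, "ips": sorted(ips), "prefixes": prefixes})
    return suspicious


if __name__ == "__main__":
    for hit in find_replayed_orders(ORDERS):
        print(hit)
```

Grouping the source addresses by /24 shows whether the copies come from one prefix, which is how the 220.196.160 range was singled out earlier in the thread.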
