
defense

Chen
February 27, 2023


Transcript

Slides 18 to 25 share one sequence diagram, "Contrast: Make A Purchase", with the lifelines Web Code, Auth Server, CC Server and SSN Server. Each slide adds one message to the flow:

  1. (Slide 18) GET /selectPayment arrives at Web Code, which asks the Auth Server: isSessionValid?
  2. (Slide 19) Auth Server: Yes
  3. (Slide 20) Web Code to CC Server: Get Cards for user=brian sid=123456789
  4. (Slide 21) CC Server asks the Auth Server: IsValid? Auth Server: Yes
  5. (Slide 22) CC Server returns only "ending in 9876" and "ending in 0000". Only give back what is needed to the web server! (e.g., not full credit card #s)
  6. (Slide 23) POST /makePayment arrives at Web Code, which sends the CC Server: Purchase $579, cardid=1, user=brian… The CC Server again asks the Auth Server: IsValid? Auth Server: Yes
  7. (Slide 24) CC Server forwards the payment to the Bank's Server
  8. (Slide 25) Ok! No need to ever report full credit card numbers back to web code (only time it sees them is when the user adds them)
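The flow on these slides, written out as an added Python illustration (not code from the deck or its author): an `AuthServer` that owns sessions, a `CCServer` that keeps the full card numbers and answers web code only with card ids and last-4 digits, and a `bank_charge` stand-in for the Bank's Server. The service classes, the session ids and the sample card numbers are all assumptions constructed for the example; the SSN Server is not modelled.

```python
import uuid

class AuthServer:  # owns the sessions; the other services ask it whether a sid is valid
    def __init__(self):
        self._sessions = {}  # sid -> user

    def login(self, user):
        sid = uuid.uuid4().hex
        self._sessions[sid] = user
        return sid

    def is_session_valid(self, user, sid):
        return self._sessions.get(sid) == user

def bank_charge(pan, amount):  # stand-in for the Bank's Server; only the CC server calls it
    return {"status": "Ok!", "amount": amount}

class CCServer:  # holds the full card numbers; hands out only card ids and last-4 digits
    def __init__(self, auth):
        self._auth = auth
        self._cards = {}  # user -> {card_id: full PAN}

    def _check(self, user, sid):  # the IsValid? hop to the Auth Server
        if not self._auth.is_session_valid(user, sid):
            raise PermissionError("invalid session")

    def add_card(self, user, sid, pan):  # the only call in which web code carries a PAN
        self._check(user, sid)
        card_id = len(self._cards.setdefault(user, {})) + 1
        self._cards[user][card_id] = pan
        return card_id

    def get_cards(self, user, sid):  # answer to "Get Cards for user=...": references only
        self._check(user, sid)
        return {cid: "ending in " + pan[-4:] for cid, pan in self._cards.get(user, {}).items()}

    def make_payment(self, user, sid, card_id, amount):  # POST /makePayment names a cardid
        self._check(user, sid)
        pan = self._cards.get(user, {}).get(card_id)
        if pan is None:
            raise KeyError("unknown card for this user")
        return bank_charge(pan, amount)  # the PAN goes to the bank, never back to web code

def run_purchase_flow():  # replays slides 18-25: add two cards, select payment, pay $579 with card 1
    auth = AuthServer()
    cc = CCServer(auth)
    sid = auth.login("brian")
    cc.add_card("brian", sid, "4111111111119876")  # constructed sample PANs, not real cards
    cc.add_card("brian", sid, "4111111111110000")
    return cc.get_cards("brian", sid), cc.make_payment("brian", sid, 1, 579)
```

Everything web code receives from `get_cards` and `make_payment` is a card id, a masked suffix or a receipt, so a compromise of the web tier alone yields no full card numbers.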