0
votes

The company that I work for wants to provide a means of allowing our clients to provide links to our site for the purpose of allowing their own clients to schedule a payment to them through us.

We want the solution to be as seamless and easy to use as possible. Our clients are not likely to have the ability to do any sort of programming or scripting on their side, and so we want to simply provide them with a link that they can use that will reliably identify which of our clients sent this person to our website.

My first thought was to simply use the query string to pass along their unique identifier as a parameter. We would generate this link for them and even host an image for it on our own servers. We do not want their identification number to be accessible to observers, nor do we want our clients to have to make their own links.

The only solution that we've come up with is to simply encrypt our local identifier with a timestamp, store the creation event in our database, and use this information to check against the provided encrypted value in the query string when we get hits to our site.

This prevents data from leaking out (so far as we can tell) but does nothing to prevent anyone from copying the link and using it anywhere (but really, we want our clients to just be able to stick it anywhere and just work).

Are we making significant tradeoffs in terms of security for ease of use? Should we instead just set up an account to be used by anyone at that particular client of ours to at least enforce the "idea" of security? (A shared login for all of their clients isn't very secure either, is it?)

Ultimately our goal is to make this a fast, transparent process. Do we have to sacrifice security to make it fast and transparent?

1
What exactly is that identifier used for? Just to identify the recipient of the payment? – Gumbo
Yes, this identifier maps to a client in our database who will be the recipient of the payment that is made. – JamesG

1 Answer

1
votes

This is what I would do:

  1. Sign the link with a secret so no one else can make up a random link.
  2. Add a parameter to identify the partner site.
  3. Configure a list of allowed referers for the site.
  4. Upon receiving the request, check the signature and enforce the referer.

This is not super secure but meets most of your requirements.
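The four steps above, worked through end to end as an added example (this is not code from the question or the answer). It assumes a hypothetical `PARTNERS` registry keyed by an opaque partner token, so the internal client id from the question never appears in the link, a hypothetical server-side `SECRET`, and a hypothetical `https://pay.example.com/schedule` endpoint. The link is signed with HMAC-SHA256, verified with a constant-time compare, and the `Referer` host is checked against the partner's allowlist.

```python
import hmac
import hashlib
from typing import Optional
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical signing secret. Load it from a secret store in practice;
# anyone who holds it can mint valid links for any partner.
SECRET = b"replace-with-a-long-random-secret"

# Hypothetical partner registry: opaque token in the link -> internal client id
# (the value the question wants kept out of sight) and the referer hosts allowed
# to send visitors for that partner.
PARTNERS = {
    "p_7f3a9c": {"client_id": 1042, "allowed_hosts": {"acme.example", "www.acme.example"}},
}


def sign(partner: str) -> str:
    """Step 1: HMAC over the partner token, hex-encoded for the query string."""
    return hmac.new(SECRET, partner.encode(), hashlib.sha256).hexdigest()


def make_link(partner: str, base: str = "https://pay.example.com/schedule") -> str:
    """Steps 1-2: build the link the partner pastes anywhere on their site."""
    if partner not in PARTNERS:
        raise KeyError("unknown partner")
    return f"{base}?{urlencode({'partner': partner, 'sig': sign(partner)})}"


def verify_request(url: str, referer: Optional[str]) -> Optional[int]:
    """Steps 3-4: return the internal client id for a valid hit, else None."""
    qs = parse_qs(urlsplit(url).query)
    partner = qs.get("partner", [None])[0]
    sig = qs.get("sig", [None])[0]
    if partner is None or sig is None or partner not in PARTNERS:
        return None
    # Constant-time compare so a forger cannot learn the signature byte by byte.
    if not hmac.compare_digest(sig, sign(partner)):
        return None
    # Browsers drop Referer in several situations (privacy settings, HTTPS to HTTP,
    # referrer-policy), so the absent case needs an explicit decision. Rejecting
    # here matches the answer's "enforce the referer".
    if not referer:
        return None
    host = urlsplit(referer).hostname
    if host not in PARTNERS[partner]["allowed_hosts"]:
        return None
    return PARTNERS[partner]["client_id"]


if __name__ == "__main__":
    link = make_link("p_7f3a9c")
    print(link)
    print(verify_request(link, "https://acme.example/pay"))   # 1042
    print(verify_request(link, "https://evil.example/"))      # None
```

The signature covers only the partner token, so the link is a bearer credential: whoever copies it can reuse it from any page, exactly the property the question says it wants. The referer check narrows that to browsers that send the header honestly; a scripted client can set any `Referer` it likes, so treat the check as a guard against casual hotlinking rather than as authentication. If later per-visit freshness is wanted, the question's own idea of folding a timestamp into the signed data and recording it server-side slots into `sign` and `verify_request` without changing the rest.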