Which of the following is the best way to generate a unique transaction ID for communication with a payment gateway like SecurePay?
Select one:
a. Concatenate the user id and date
b. Take a SHA-1 hash of the user id
c. There is no need for a unique transaction ID, so why bother?
d. Use the PHP uniqid() function and store it in the Orders table
Q
When a user logs in, registers, looks at their cart, etc., you redirect them back to the page they were previously on by picking up a URL GET variable of the form "continue=pagename.php". You realise that this may expose you to OWASP A10, "Unvalidated redirects and forwards". Which table of the "Store Reference Schema" could you use to validate this URL?
Select one:
a. Attribute
b. Log
c. Commands
d. Session
Q
In order to process payments, you create a form on your shopping cart page that consists of nothing but hidden input fields containing your store details, the order total amount and an order ID. The form submit button triggers an action that POSTs all that information directly to your partner payment processor, ready for the customer to enter their credit card details. What is wrong with this technique?
Select one:
a. It is insecure because you are trusting the credit card processor with your order data.
b. Nothing - it will work just fine, and you avoid handling the credit card details with consequent PCI DSS compliance.
c. It is insecure because the customer and the customer's browser are being trusted with critical data.
d. It will involve you in a lot of work to comply with PCI DSS.
Solution
Which of the following is the best way to generate a unique transaction ID for communication with a payment gateway like SecurePay?
b. Take a SHA-1 hash of the user id

