Closed
Bug 1021359
Opened 11 years ago
Closed 11 years ago
Enable product verification for in-app purchase receipts
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kumar, Assigned: jlockhart)
References
Details
An in-app purchase receipt currently gets validated for having the right signature and for having an existing contribution object in the Marketplace db. A vendor also needs a way to verify that the receipt is for the right *product*. In other words, an attacker could pass a perfectly valid in-app receipt to the vendor but one for the wrong product. The vendor needs a way to prevent that.
For app purchases, the vendor does this by verifying the productURL. See https://github.com/mozilla/receiptverifier#options
We need to think of what data to put in the receipt to enable in-app product verification.
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → jkerim
Updated•11 years ago
|
Priority: -- → P2
Assignee | ||
Comment 1•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•