Welcome to the Treehouse Community
Looking to learn something new?
Kevin Korte28,109 Points
Storing stripe ids in html. Is it safe?
Been looking for an answer and I'm not sure yet. My question is, is it safe to store things like card ids in the html. Let me explain.
And application I'm playing with, there is a section where a user on their account settings page add, and remove cards from their account, while also making a different card the primary card. It all works.
Except for I'm not storing any of their card info on my servers. I rely on making API calls to stripe to fetch the data (I am storing their stripe customer id in my database though). So when a user takes an action with a card, the button submits a form element with a single hidden field, the card id, something that looks like this => card_163to8ECdSEsYuLSHQ5FjhtR
And then in my controller, I get that value, and carry on my way. It works fine.
But can someone use that card id to do something malicious. Should i refactor and store card ids in my database and instead reference the unique table id of the card id in the html instead?