On Mon, 7 Feb 2005, Greg London wrote: > Dan Boger said: > > - Register, and be able to track your package, > > Could you track an order with just a tracking number? > Maybe an email address and a tracking number? > > I would think the tracking number could act as a > one-time password, sort of. But maybe I'm missing something. If tracking numbers can be guessed, then random visitors can start constructing URLs that will let them see who bought what.
This probably isn't what you want. You could maybe MD5 hash the numbers or something, which would at least make the space of numbers to be guessed a lot bigger, but you're still opening yourself up to privacy complaints if random visitors can get to other people's purchase records, especially if you have customers from countries with credible privacy laws (e.g. UK & EU). -- Chris Devers _______________________________________________ Boston-pm mailing list [email protected] http://mail.pm.org/mailman/listinfo/boston-pm
