On Mon, Feb 07, 2005 at 04:04:16PM -0500, Greg London wrote: > I'll buy pizza for a perlmonger meeting if I can get a > definite yes/no answer on these questions.
Don't you always buy the pizza anyway? :) The problem is the word 'secure' - it means different things to different people. My take: > Greg London said: > > So, if a buyer goes to a website, puts in his email address and > > fills out his order information (product, CC#, shipping address) > > could the site give him a tracking number / one-time password so he > > could check the status of his order and report a problem? Yes, quite possible. > > Would it be possible to do this in a secure manner? In theory, if your ticket number you're giving is hard enough to guess (especially if it's coupled with the email address of the user) it's about as secure as making them register. I mean, it IS automatically registering them, with a system generated password and their email as the username. > > Would it be a secure transaction? What do you mean by this? What is the transaction? The user paying the company, or the company shipping to the user, or something else? > > Would it be any less secure than having the user set up an account > > and their own password? Probably MORE secure, since most user-selected passwords are crap. A system generated 'ticket' (don't call it password) will be much more difficult to guess. That help at all? -- Dan Boger [EMAIL PROTECTED] _______________________________________________ Boston-pm mailing list [email protected] http://mail.pm.org/mailman/listinfo/boston-pm
