Dan Boger wrote:
> 
> On Mon, Feb 07, 2005 at 04:04:16PM -0500, Greg London wrote:
> > I'll buy pizza for a perlmonger meeting if I can get a
> > definite yes/no answer on these questions.
> 
> Don't you always buy the pizza anyway? :)

Actually, that would describe Ron.

I've done it a few times,
I'm just a lot more vocal about it than he is.

;)

> The problem is the word 'secure' - it means different things to
> different people.  My take:
> 
> > Greg London said:
> > > So, if a buyer goes to a website, puts in his email address and
> > > fills out his order information (product, CC#, shipping address)
> > > could the site give him a tracking number / one-time password so he
> > > could check the status of his order and report a problem?
> 
> Yes, quite possible.
> 
> > > Would it be possible to do this in a secure manner?
> 
> In theory, if your ticket number you're giving is hard enough to guess
> (especially if it's coupled with the email address of the user) it's
> about as secure as making them register.  I mean, it IS automatically
> registering them, with a system generated password and their email as
> the username.
> 
> > > Would it be a secure transaction?
> 
> What do you mean by this?  What is the transaction?  The user paying the
> company, or the company shipping to the user, or something else?

hm, well, defining "secure" in absolute terms 
is probably too difficult...

the current way is for users to 
create an account with email address for a
username and a password they provide.
They then order, pay, ship, etc, etc.

The proposed way would be for the user to
provide an email with their order, and
get an auto-generated one-time password
that works as a tracking number for that order.

I guess the question would be whether the
proposed way is no less secure
than the current way, for all the various
stages, ordering, paying, checking status,
reporting a problem, all through an online
interface.

I mean, it doesn't make the process >less< secure,
does it?



> > > Would it be any less secure than having the user set up an account
> > > and their own password?
> 
> Probably MORE secure, since most user-selected passwords are crap.  A
> system generated 'ticket' (don't call it password) will be much more
> difficult to guess.
> 
> That help at all?
> 
> --
> Dan Boger
> [EMAIL PROTECTED]
> 
> _______________________________________________
> Boston-pm mailing list
> [email protected]
> http://mail.pm.org/mailman/listinfo/boston-pm

-- 
Greg London
Zoran Corporation
781-638-7541
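
The scheme discussed in this thread (a system-generated ticket that is only valid together with the buyer's email address), as an added example that is not part of either poster's message. The `TicketStore` class, the 128-bit ticket size and the in-memory dict standing in for the order database are assumptions.

```python
import hashlib
import hmac
import secrets

TICKET_BYTES = 16  # assumed size: 128 bits from the OS CSPRNG


def normalize(email):
    """Treat 'Buyer@Example.com ' and 'buyer@example.com' as the same buyer."""
    return email.strip().lower()


def digest(email, ticket):
    # Bind the ticket to the email so it is useless with any other address.
    # A plain SHA-256 is enough because the ticket itself is high-entropy,
    # unlike a user-chosen password, which would need a slow password hash.
    return hashlib.sha256(email.encode() + b"\x00" + ticket.encode()).digest()


class TicketStore:
    """Hypothetical in-memory stand-in for the shop's order database."""

    def __init__(self):
        self._by_email = {}  # email -> list of (ticket digest, order id)

    def issue(self, email, order_id):
        """Create a ticket for an order; only its digest is kept server-side."""
        email = normalize(email)
        ticket = secrets.token_urlsafe(TICKET_BYTES)
        self._by_email.setdefault(email, []).append((digest(email, ticket), order_id))
        return ticket  # shown or mailed to the buyer once

    def lookup(self, email, ticket):
        """Return the order id for a valid email+ticket pair, else None.

        Unknown email and wrong ticket give the same answer, so the status
        page does not reveal which addresses have placed orders.
        """
        email = normalize(email)
        presented = digest(email, ticket)
        found = None
        for stored, order_id in self._by_email.get(email, []):
            if hmac.compare_digest(stored, presented):  # constant-time compare
                found = order_id
        return found
```
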
 