From: David Cantrell <[EMAIL PROTECTED]>
Date: Tue, 8 Feb 2005 08:23:05 +0000
On Mon, Feb 07, 2005 at 08:52:40PM -0500, Bob Rogers wrote:
> That depends on the number of possible tracking numbers vs. the number
> of possible "username.pw" strings. Since you can make the tracking
> number as long as you like, you can always make this solution
> arbitrarily less spoofable than username/pw.
I thought one of the reasons behind this was that passwords are too hard
to remember (this despite real users using the same damned password
everywhere). Having the user have to remember (or rather, write down)
a long tracking number surely is just as bad if you accept the premise
that users are too stupid to remember things.
It does force the user to save the number somewhere, and probably in
machine-readable format. So, as with most security designs, there is a
tradeoff, in this case between brute-force guessability and exposure
through hacking the customer's computer.
But I bet most people allow their browser to remember their
password(s) for them anyway. So, given that reality, there is little
practical difference between username/password and "crypto cookie."
(But I see that thought has already crossed your mind . . . )
And since these are per-transaction passwords, the amount that gets
divulged by any successful exploit is pretty small -- especially since
you can't get an anonymous user's personal information! That ought to
make even the British happy . . .
> Two problems: (1) You have no way to contact the customer in
> case there are problems with the order; and (2) users may consider it
> spooky that the system remembers who they are based on only their credit
> card number -- they may not believe you're not storing the card number.
If you remember who a user is based on their credit card number you lose
anyway, because people have more than one card and can't necessarily
remember which card they used last time they visited.
It's not the same as having a handle on the user who owns all of those
cards, but it does allow you to associate some of those transactions for
repeat users who do use the same card.
> Of course, this all hinges on keeping those URLs and/or cookies that
> contain the tracking number secure. The user would probably want to
> bookmark the status page; wouldn't that also be vulnerable to Javascript
> exploits?
No more so, I think, than the average user keeping that url anywhere
else on their disgusting Windows-infested box.
;-}
-- Bob
_______________________________________________
Boston-pm mailing list
[email protected]
http://mail.pm.org/mailman/listinfo/boston-pm
