-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sunday 27 January 2002 02:15, Paul Black wrote: : I'm writing a small CF application for a customer. The concept : is quite simple. A visitor comes to the website and pays $10 : via an internet CC payments company. The payment of $10 allows : the customer to view a movie. : : The implementation seems to have a flaw. The internet CC payment : company provides a CGI which receives information via hidden : input fields. The hidden fields contains details identifying : who the payment is to be credited to, the amount and the : URL to call if the transaction is completed succesfully. : : I've been wondering how to clever people from simply calling : the sucessful transaction URL to view the movie, thereby : bypassing the CC payment transaction. : : All of the ways I've though of for preventing people directly : calling the succussful transaction URL have the problem that : they are easy to work around. : : I'd appreciate peoples input on the best approaches to : overcoming the problem using CF. : : Regards. Paul
For the CF, you should look into CFCONTENT. The URL in the hidden field could be a template that verifies the correct referrer, and any other verification information, and then puts out the movie be way of cfcontent. Or you could go by way of .htaccess directives protecting the folder that the movie is in, but you would need a way of getting them a user/pass, as well as getting that info into the .htpasswd file on the server... I've built a cam site before that used both methods. The client used a CC payment co. that regulated membership via a cgi call to the client's server, adding and removing members as needed to the .htaccess that was protecting the 'member' directory. And then I used the cfcontent to hide/protect the cam images within that directory, to be able to regulate how/how-often they are being pulled (must have blah as a referrer, not more than n times a minute, no more than n ip/hosts associated with each HTTP_USER, etc). Hope any of this points you in the right direction.... Geo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE8VBj86lWSWPFnGFARAp0UAJ4vjVd2AK+Wi3YWyy0Kg8LoC8cxmACeIfzN du3cEd4+cFU0zuFnc6CGWjo= =7Gzn ______________________________________________________________________ Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
