eek! That's realy yucky. How's about not doing any of that. Get an application on the server to do all of that. In your code they type in the all relevent details that the CC merchant operator needs as well as details that you use. Like a username and password.
On your server app you parse the results, do a CFHTTP to process all the information that needs to go to the CC provider and you populate your own database with their details, including their username and password. Once you've done that you have a user database that you're in charge of. Then you can be as fancy as you like with your authentication, placing it behind a CF app or getting it to further populate a db that .htaccess is configured to use, or however your webserver is configured etc, etc. It's got the added bonus that some REALLY neferious type could actually manipulate the information and have the money credited to another account! Like back to themselves. (even if you could somehow protect your movies, as far as the CC payment system, the payment worked. So if your cf app picked up on that, it wouldn't know that the money actually made it!) Max At 18:15 27/01/2002 +1100, you wrote: >I'm writing a small CF application for a customer. The concept >is quite simple. A visitor comes to the website and pays $10 >via an internet CC payments company. The payment of $10 allows >the customer to view a movie. > >The implementation seems to have a flaw. The internet CC payment >company provides a CGI which receives information via hidden >input fields. The hidden fields contains details identifying >who the payment is to be credited to, the amount and the >URL to call if the transaction is completed succesfully. > >I've been wondering how to clever people from simply calling >the sucessful transaction URL to view the movie, thereby >bypassing the CC payment transaction. > >All of the ways I've though of for preventing people directly >calling the succussful transaction URL have the problem that >they are easy to work around. > >I'd appreciate peoples input on the best approaches to >overcoming the problem using CF. > >Regards. Paul > > ______________________________________________________________________ Macromedia ColdFusion 5 Training from the Source Step by Step ColdFusion http://www.amazon.com/exec/obidos/ASIN/0201758474/houseoffusion ------------------------------------------------------------------------------ Archives: http://www.mail-archive.com/cf-linux%40houseoffusion.com/ To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_linux or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.
