A method which I have used in the past: Give the user a temporary reference-key to the file (or URL to return to)
Once the payment has been made, enter a record in the database which records the time that the file download is valid for. Only access the download file through a data driven script, which checks if the file download is still valid. Regards, Jared Clinton. -----Original Message----- From: Double Down, Inc. [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 21 January 2003 10:46 AM To: CF-Talk Subject: Security Issue With PayPal & CF Here is a problem I am having that I would like to hear some people's thoughts and ideas on. I am setting up a site where a person will be able to download a file once they have paid for it by using paypal as my processor. Problem I am having is one of security. I do not want to give any information in the return URL for fear that people will be able to bypass it by using that information. I am also not sure if session variables will work since the person will be leaving my site to go to PayPal to fill out the payment info, before coming back to mine. If anyone has any ideas or suggestions, I would like to hear them. Need to get this problem solved fast. TIA DDINC ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Structure your ColdFusion code with Fusebox. Get the official book at http://www.fusionauthority.com/bkinfo.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
