> It's secure enough to the point where only somebody who can > rewrite the raw HTTP header to look like the one on my > servers, is able to get a hack through. This is hard enough > to do, and enough of a rare case, that if they did that, I'm > sure the admins would eventually (if not immediately) notice > the discrepancy (as it is calculated on the admin side), and > void the transaction. I'm trying to avoid this happening on a > large scale.
I think you're overestimating the difficulty of rewriting HTTP headers. I think you're also underestimating the population of computer criminals. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ voice: (202) 797-5496 fax: (202) 797-5444 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=4 FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
