Are you guys saying that I should force my client to require their client to create a user account? Or am I missing something here in the symantics. Because I don't see another solution.
BTW I am not talking about guarding Fort Knox here. -- Ryan LeTulle On Fri, Jun 12, 2009 at 4:21 AM, Tom Chiverton <tom.chiver...@halliwells.com > wrote: > > On Friday 12 Jun 2009, Ryan Letulle wrote: > > An example would be for an emailed order confirmation with a link back to > > their order details. ... By using an > > integer it would be extremely easy for someone to view other order > details > > but not so with a uuid. > > But surely your getOrderFromOrderId() method checks that the id number it > is > given belongs to the currently logged in user... oh... ummm ?:-) > > -- > Helping to paradigmatically seize B2B professional dot-com convergence as > part > of the IT team of the year, '09 and '08 > > Tom Chiverton > Developer > Tel: +44 0161 618 5032 > Fax: +44 0161 618 5099 > tom.chiver...@halliwells.com > 3 Hardman Square, Manchester, M3 3EB > www.Halliwells.com > > **************************************************** > > This email is sent for and on behalf of Halliwells LLP. > > Halliwells LLP is a limited liability partnership registered in England and > Wales under registered number OC307980 whose registered office address is at > Halliwells LLP, 3 Hardman Square, Spinningfields, Manchester, M3 3EB. A list > of members is available for inspection at the registered office together > with a list of those non members who are referred to as partners. We use the > word “partner” to refer to a member of the LLP, or an employee or consultant > with equivalent standing and qualifications. Regulated by the Solicitors > Regulation Authority. > > CONFIDENTIALITY > > This email is intended only for the use of the addressee named above and > may be confidential or legally privileged. If you are not the addressee you > must not read it and must not use any information contained in nor copy it > nor inform any person other than Halliwells LLP or the addressee of its > existence or contents. If you have received this email in error please > delete it and notify Halliwells LLP IT Department on 0870 365 2500. > > For more information about Halliwells LLP visit www.Halliwells.com. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:323443 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4