- see footer for list info -<
Hi all,
I have a shop system that sends out orders to a shipping company. The shipping company need to access a webpage that contains a confirmation note that contains all the purchaser's shipping and order details. This webpage will be accessed via a link from an email.
They feel it will be too annoying (process-wise) to have a username/password for this page and so the obvious problem is how do you stop jo public (or jo hacker) from accessing someone else's personal info?
I was thinking about using a hash of certain parts of the order (eg. purchaser's email address/order number/time of order) in the query string to authenticate the user. Any comments on how secure this is? Could a bot attack this and come across a valid query string to access this data?
Thanks, Damien _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -< - Forum provided by www.fusetalk.com -< - DHTML Menus provided by www.APYCOM.com -< - Lists hosted by www.Gradwell.com -< - CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
