- see footer for list info -<
or write a wee function to set a never-expiring cookie when a certain secret url variable is present in the string.
Phone them up, tell them the variable and url for this cookie setting page. They visit it, they get a cookie dropped on their machine. Now kill the cookie setting function so no one else can ever trigger it and get that cookie. Only allow the order confirmation screen to be displayed if the cookie exists. If they lose the cookie, allow the page again and get them to revisit to reset the cookie. On 7/19/06, Damien Gallagher <[EMAIL PROTECTED]> wrote:
>- see footer for list info -< Hi all, I have a shop system that sends out orders to a shipping company. The shipping company need to access a webpage that contains a confirmation note that contains all the purchaser's shipping and order details. This webpage will be accessed via a link from an email. They feel it will be too annoying (process-wise) to have a username/password for this page and so the obvious problem is how do you stop jo public (or jo hacker) from accessing someone else's personal info? I was thinking about using a hash of certain parts of the order (eg. purchaser's email address/order number/time of order) in the query string to authenticate the user. Any comments on how secure this is? Could a bot attack this and come across a valid query string to access this data? Thanks, Damien _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
_______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -< - Forum provided by www.fusetalk.com -< - DHTML Menus provided by www.APYCOM.com -< - Lists hosted by www.Gradwell.com -< - CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
