>- see footer for list info -< If your client will always log in from a given set of IP numbers you could restrict access to those IPs.
Gordon At 10:25 19/07/2006, you wrote: >>- see footer for list info -< >Hi all, > >I have a shop system that sends out orders to a shipping company. The shipping >company need to access a webpage that contains a confirmation note that >contains all the purchaser's shipping and order details. This webpage will be >accessed via a link from an email. > >They feel it will be too annoying (process-wise) to have a username/password >for this page and so the obvious problem is how do you stop jo public (or jo >hacker) from accessing someone else's personal info? > >I was thinking about using a hash of certain parts of the order (eg. >purchaser's email address/order number/time of order) in the query string to >authenticate the user. Any comments on how secure this is? Could a bot attack >this and come across a valid query string to access this data? > >Thanks, Damien >_______________________________________________ > >For details on ALL mailing lists and for joining or leaving lists, go to >http://list.cfdeveloper.co.uk/mailman/listinfo > >-- >CFDeveloper Sponsors:- >>- Hosting provided by www.cfmxhosting.co.uk -< >>- Forum provided by www.fusetalk.com -< >>- DHTML Menus provided by www.APYCOM.com -< >>- Lists hosted by www.Gradwell.com -< >>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
