- see footer for list info -<
Hi Simon,
not sure what you mean - are you talking about having a
username/password login?
Simon Baynes wrote:
I would suggest that this is particularly insecure. Once they have
logged in they can maintain their authenticated state with a session
variable and therefore as long as the session timeout is set to. This
would stop them having to repeatedly log in for a period of time, but
still maintain a secure environment.
On 7/19/06, Damien Gallagher <[EMAIL PROTECTED]> wrote:
Hi all,
I have a shop system that sends out orders to a shipping company. The
shipping company need to access a webpage that contains a confirmation
note that contains all the purchaser's shipping and order details. This
webpage will be accessed via a link from an email.
They feel it will be too annoying (process-wise) to have a
username/password for this page and so the obvious problem is how do you
stop Joe Public (or Joe Hacker) from accessing someone else's personal
info?
I was thinking about using a hash of certain parts of the order (e.g.
purchaser's email address/order number/time of order) in the query
string to authenticate the user. Any comments on how secure this is?
Could a bot attack this and come across a valid query string to access
this data?
Thanks, Damien
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- Hosting provided by www.cfmxhosting.co.uk -<
>- Forum provided by www.fusetalk.com -<
>- DHTML Menus provided by www.APYCOM.com -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help -<
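An added example, not code from any poster in this thread: the plain hash of order fields asked about in the original question, beside a keyed (HMAC) link token with an expiry that the server can verify without a login. It is written in Python for illustration; the key, the 7-day lifetime, the parameter names `order`, `exp`, `sig` and all function names are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, parse_qs

# Assumption: a server-side secret that never appears in e-mails or URLs (constructed value).
SECRET_KEY = b"constructed-demo-key-replace-me"
LINK_LIFETIME = 7 * 24 * 3600  # assumption: links stay valid for 7 days


def unkeyed_token(email, order_no, order_time):
    """The scheme from the question: a plain hash of order fields.
    Anyone who knows or guesses the fields can recompute it."""
    return hashlib.sha256(f"{email}|{order_no}|{order_time}".encode()).hexdigest()


def sign_link(order_no, now=None):
    """Build the query string for an order link: order number, expiry, HMAC tag."""
    issued = now if now is not None else time.time()
    expires = int(issued) + LINK_LIFETIME
    msg = f"{order_no}|{expires}".encode()
    tag = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return urlencode({"order": order_no, "exp": expires, "sig": tag})


def verify_link(query, now=None):
    """Return the order number if the link is authentic and unexpired, else None."""
    params = parse_qs(query)
    try:
        order_no = params["order"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return None  # missing or malformed parameter
    msg = f"{order_no}|{expires}".encode()
    expected = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison of the tag; bytes avoid errors on non-ASCII input.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    current = now if now is not None else time.time()
    if current > expires:
        return None  # link has expired
    return order_no
```

The tag covers both the order number and the expiry, so changing either value in the URL invalidates the link.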