- see footer for list info -<
Sounds like a neat idea... The only thing they probably won't be up for
is being called up with a url variable and possibly having to go through
that again if it's lost.
Rich Wild wrote:
- see footer for list info -<
or write a wee function to set a never-expiring cookie when a certain
secret
url variable is present in the string.
Phone them up, tell them the variable and url for this cookie setting
page.
They visit it, they get a cookie dropped on their machine.
Now kill the cookie setting function so no one else can ever trigger
it and
get that cookie.
Only allow the order confirmation screen to be displayed if the cookie
exists.
If they lose the cookie, allow the page again and get them to revisit to
reset the cookie.
On 7/19/06, Damien Gallagher <[EMAIL PROTECTED]> wrote:
>- see footer for list info -<
Hi all,
I have a shop system that sends out orders to a shipping company. The
shipping company need to access a webpage that contains a confirmation
note that contains all the purchaser's shipping and order details. This
webpage will be accessed via a link from an email.
They feel it will be too annoying (process-wise) to have a
username/password for this page and so the obvious problem is how do you
stop jo public (or jo hacker) from accessing someone else's personal
info?
I was thinking about using a hash of certain parts of the order (eg.
purchaser's email address/order number/time of order) in the query
string to authenticate the user. Any comments on how secure this is?
Could a bot attack this and come across a valid query string to access
this data?
Thanks, Damien
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- Hosting provided by www.cfmxhosting.co.uk -<
>- Forum provided by www.fusetalk.com -<
>- DHTML Menus provided by www.APYCOM.com -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help
-<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go
to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your
help -<
_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to
http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
- Hosting provided by www.cfmxhosting.co.uk -<
- Forum provided by www.fusetalk.com -<
- DHTML Menus provided by www.APYCOM.com -<
- Lists hosted by www.Gradwell.com -<
- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
