>- see footer for list info -<

Have a login, set a cookie, keep the cookie forever, check for the cookie, if it's there, log them in, if they delete their cookies have them log in again.

Plus the IP restriction someone else mentioned. Not 100%, but better than a poke in the eye with a sharp stick!

Adrian

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Damien Gallagher
Sent: 19 July 2006 10:42
To: Coldfusion Development
Subject: Re: [CF-Dev] order confirmation

Sounds like a neat idea...
The only thing they probably won't be up for is being called up with a url variable and possibly having to go through that again if it's lost.

Rich Wild wrote:
> or write a wee function to set a never-expiring cookie when a certain
> secret url variable is present in the string.
>
> Phone them up, tell them the variable and url for this cookie setting
> page.
>
> They visit it, they get a cookie dropped on their machine.
>
> Now kill the cookie setting function so no one else can ever trigger
> it and get that cookie.
>
> Only allow the order confirmation screen to be displayed if the cookie
> exists.
>
> If they lose the cookie, allow the page again and get them to revisit to
> reset the cookie.
>
> On 7/19/06, Damien Gallagher <[EMAIL PROTECTED]> wrote:
>
>> Hi all,
>>
>> I have a shop system that sends out orders to a shipping company. The
>> shipping company need to access a webpage that contains a confirmation
>> note that contains all the purchaser's shipping and order details. This
>> webpage will be accessed via a link from an email.
>>
>> They feel it will be too annoying (process-wise) to have a
>> username/password for this page and so the obvious problem is how do you
>> stop jo public (or jo hacker) from accessing someone else's personal
>> info?
>>
>> I was thinking about using a hash of certain parts of the order (eg.
>> purchaser's email address/order number/time of order) in the query
>> string to authenticate the user. Any comments on how secure this is?
>> Could a bot attack this and come across a valid query string to access
>> this data?
>>
>> Thanks, Damien

_______________________________________________
For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo
--
CFDeveloper Sponsors:-
>- Hosting provided by www.cfmxhosting.co.uk -<
>- Forum provided by www.fusetalk.com -<
>- DHTML Menus provided by www.APYCOM.com -<
>- Lists hosted by www.Gradwell.com -<
>- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
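
An added example, not written by anyone in this thread: the query-string token Damien asks about, in Python. A plain hash of email, order number and time can be recomputed by anyone who knows or guesses those fields, whereas a keyed HMAC with an expiry needs the server-side secret. The names `SECRET_KEY`, `MAX_AGE`, `sign_order`, `make_link`, `verify_order` and the `/confirm` path are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a random key kept server-side only, never placed in the email or URL.
SECRET_KEY = secrets.token_bytes(32)
MAX_AGE = 14 * 24 * 3600  # assumed link lifetime: 14 days, in seconds


def unkeyed_token(email, order_no, order_time):
    """The scheme asked about: no secret, so anyone holding the fields can rebuild it."""
    return hashlib.sha256(f"{email}|{order_no}|{order_time}".encode()).hexdigest()


def sign_order(order_no, expires, key=SECRET_KEY):
    """HMAC-SHA256 over order number and expiry; only the key holder can compute it."""
    msg = f"{int(order_no)}|{int(expires)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_link(order_no, now=None):
    """Build the link that goes into the email to the shipping company."""
    expires = int(time.time() if now is None else now) + MAX_AGE
    sig = sign_order(order_no, expires)
    return f"/confirm?order={int(order_no)}&exp={expires}&sig={sig}"


def verify_order(order_no, expires, sig, now=None):
    """Reject malformed or expired links, then compare MACs in constant time."""
    now = int(time.time() if now is None else now)
    try:
        if int(expires) < now:
            return False
        expected = sign_order(order_no, expires)
        return hmac.compare_digest(expected.encode(), str(sig).encode())
    except (TypeError, ValueError):
        return False
```

The signed link still works for anyone who obtains the email, so it complements rather than replaces the cookie and IP restrictions suggested in the replies.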
