>- see footer for list info -< Being able to link directly to order confirmation pages is quite normal, and it normally works like this. Just createUUID() with each order and store it in the DB along with an expiry date. Now append that UUID to the link you email to the shipping company. Verify the UUID and the expiry before displaying the confirmation page. So only people who have that link and click it before the expiry date will be able to get to the file.
If you want it password protected. Just have a login page that the shipping company only has to login once, and store a cookie, then they can click on the links all day without having to do it again. Russ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damien Gallagher Sent: 19 July 2006 10:26 To: Coldfusion Development Subject: [CF-Dev] order confirmation >- see footer for list info -< Hi all, I have a shop system that sends out orders to a shipping company. The shipping company need to access a webpage that contains a confirmation note that contains all the purchaser's shipping and order details. This webpage will be accessed via a link from an email. They feel it will be too annoying (process-wise) to have a username/password for this page and so the obvious problem is how do you stop jo public (or jo hacker) from accessing someone else's personal info? I was thinking about using a hash of certain parts of the order (eg. purchaser's email address/order number/time of order) in the query string to authenticate the user. Any comments on how secure this is? Could a bot attack this and come across a valid query string to access this data? Thanks, Damien _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help >-< _______________________________________________ For details on ALL mailing lists and for joining or leaving lists, go to http://list.cfdeveloper.co.uk/mailman/listinfo -- CFDeveloper Sponsors:- >- Hosting provided by www.cfmxhosting.co.uk -< >- Forum provided by www.fusetalk.com -< >- DHTML Menus provided by www.APYCOM.com -< >- Lists hosted by www.Gradwell.com -< >- CFdeveloper is run by Russ Michaels, feel free to volunteer your help -<
