>
> The simple approach of allowing the pend or immediate flag
Right now, if an RSP allows spoofable input at a crucial payment step
( e.g. <input hidden payment-received="yes"> )
it's entirely within their own system, and OpenSRS behaves as expected.
If such payment-conditional input is allowed in the registration system,
you have the question of "as expected by whom?" :-)
Their own fault? Yes, but if there are enough such faults among RSPs,
still a big problem for OpenSRS.
=====
Winston D. Neutel, [EMAIL PROTECTED]
Broken Productions, http://www.broken.ca
