> Id like to add that the reseller argument in that script should really
> be an md5 hash or something random like that so that someone couldnt walk
> the list of resellers. Some referrer checking could also verify that the
> website that the request was coming from was in fact owned by
> that reseller.
> Not sure if that would work with all browsers though.
I think this is extremely important. Many affiliate programs forget this
hole, which allow people to grab a full reseller list simply by modifying
the reseller code in the referral URL.
