Please resubmit your message, this time quoting fewer lines of the previous message.
--- >I'll take a stab at a usefull suggestion. > >GoldMoney implements a feature where you can define the return URLs >as part of your account setup. You can also choose to allow those >to be overwritten by the form. ... ... >The MD5 hash of the transaction is not something that everyone >verifies. That to me is the greatest security risk. I reckon if you don't check the hash, you're gonna get chumped! :) That is pretty basic, and it's only one (1) line of code after all. One is a pretty small number! My colleague Mike has the system of checking that the post really did come from Jay's IP number, which is a super idea and further eliminates most hackage attempts. (Although even the IP can be spoofed of course by a clever hacker.) Vince, the problem perhaps with goldmoney's approach is it's sort of a "false" sense of security: Once someone DOES discover the name of the cgi, you're pretty much cocked. It's more obfuscation than security. (Many people run their incoming-scgi, the status one, on not-SLL servers [and no reason not to, really] so its not all that hard to discover the name; to begin with everyone inside the development circle knows the name.) I recently discussed this with Jay himself and the ONLY real solution is indeed to simply log your incoming transaction ids, and, simply check that you have only ever processed that one once. "Conceptually", that's the only way possible, there's no such thing as a one-way, one-time spend without reference to some outside entity (an atomic clock, DB or some such), unless maybe you're talking quantum computing or something avant garde. --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] http://www.e-gold.com/stats.html lets you observe the e-gold system's activity now!