Please resubmit your message, this time quoting fewer lines of the 
previous message.

---

>I'll take a stab at a useful suggestion.
>
>GoldMoney implements a feature where you can define the return URLs
>as part of your account setup.  You can also choose to allow those
>to be overwritten by the form. ...

...


>The MD5 hash of the transaction is not something that everyone
>verifies. That to me is the greatest security risk.

I reckon if you don't check the hash, you're gonna get chumped! :)

That is pretty basic, and it's only one (1) line of code after all.
One is a pretty small number!

My colleague Mike has the system of checking that the post really did
come from Jay's IP number, which is a super idea and further
eliminates most hackage attempts.

(Although even the IP can be spoofed of course by a clever hacker.)

Vince, the problem perhaps with goldmoney's approach is it's sort of
a "false" sense of security:

Once someone DOES discover the name of the cgi, you're pretty much cocked.

It's more obfuscation than security.

(Many people run their incoming-scgi, the status one, on not-SSL
servers [and no reason not to, really] so it's not all that hard to
discover the name; to begin with everyone inside the development
circle knows the name.)

I recently discussed this with Jay himself and the ONLY real solution
is indeed to simply log your incoming transaction ids, and, simply
check that you have only ever processed that one once.

"Conceptually", that's the only way possible, there's no such thing
as a one-way, one-time spend without reference to some outside entity
(an atomic clock, DB or some such), unless maybe you're talking
quantum computing or something avant garde.

---
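The three checks discussed in the message above (hash, source IP, once-only transaction id) can be combined in one handler. This is an added example, not part of the original post or any payment processor's code; the field names, hash layout, secret and sender address are constructed assumptions.

```python
import hashlib
import hmac
import sqlite3

ALLOWED_SENDERS = {"192.0.2.10"}      # constructed address standing in for the processor
SHARED_SECRET = "example-passphrase"  # constructed value
REQUIRED = ("txn_id", "payer", "amount", "hash")

def expected_hash(fields, secret):
    # Hypothetical layout: MD5 over "txn_id:payer:amount:secret". The real
    # field order is set by the processor and is not given in the thread.
    # MD5 is what the thread names; a new design would use HMAC-SHA-256.
    material = ":".join([fields["txn_id"], fields["payer"], fields["amount"], secret])
    return hashlib.md5(material.encode()).hexdigest().upper()

def open_ledger(path=":memory:"):
    # The "outside entity": a table whose primary key makes each id single-use.
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (txn_id TEXT PRIMARY KEY)")
    return db

def accept_notification(db, fields, remote_ip):
    """Return (accepted, reason) for one incoming payment notification."""
    if remote_ip not in ALLOWED_SENDERS:
        return False, "unexpected source address"
    if not all(k in fields for k in REQUIRED):
        return False, "missing field"
    supplied = fields["hash"].upper().encode()
    wanted = expected_hash(fields, SHARED_SECRET).encode()
    if not hmac.compare_digest(supplied, wanted):
        return False, "hash mismatch"
    try:
        # INSERT fails atomically if the id was logged before, so two
        # concurrent copies of the same notification cannot both succeed.
        with db:
            db.execute("INSERT INTO seen (txn_id) VALUES (?)", (fields["txn_id"],))
    except sqlite3.IntegrityError:
        return False, "transaction id already processed"
    return True, "accepted"

if __name__ == "__main__":
    ledger = open_ledger()
    note = {"txn_id": "T-1001", "payer": "100200", "amount": "1.50"}  # constructed
    note["hash"] = expected_hash(note, SHARED_SECRET)
    print(accept_notification(ledger, note, "192.0.2.10"))  # first delivery
    print(accept_notification(ledger, note, "192.0.2.10"))  # replay of the same post
```

The hash check stops altered fields, but only the ledger insert stops a valid notification from being counted twice.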