I need to know if there is anything better than the simple SCI that is provided.
We index new sites everyday. The sites that provide products or services for e-gold seem to mostly be using the SCI, which has the "LARGEST" security hole I have ever seen... by default. The common webmaster does not realize that this hole exists. Any simple WaReZKiDDie can "bop" right into any of these sites using the standard SCI. I'm sure this has been topic before, I don't see how it could never be... PAYMENT_URL= <----- COMMON ERROR IS THE DESTINATION. Extreme security breach. Any common webmaster using the default SCI is vulnerable AND will lose money on lost purchases. The only way around this is by manually verifying each purchase OR having scripting written to verify each purchase. Most webmasters do not even REMOTELY realize this... this is the ONLY aspect of e-gold that is a definite NEGATIVE! I have an idea/suggestion. Rather than third party programmers getting involved to develop scripting for webmasters, e-gold should develop a "Webmasters" or "Merchants" section, accessible to each account holder from within their account. This section could provide webmasters with PAYMENT_URL= options to define from within their account. This could eliminate this security hole completely thus providing webmasters with an instant service activation option rather than "Please allow 24 hours....blah-blah-blah". I honestly do not think that this should be dealt with by third party programmers. This should be developed and implemented by e-gold AT e-gold. Any information regarding this subject would greatly be appreciated. Thanks for your time. Respectfully, RJ LeVeque - [EMAIL PROTECTED] LVTN - eCurrencyCrawler http://www.americonn.com _________________________________________ Submit your website to eCurrencyCrawler. http://www.americonn.com/ecurrency_crawler/ _________________________________________ --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
