Hi,

On Mon, Jul 19, 2010 at 12:27 PM, George, Andre (Dr) <[email protected]> wrote:
> This was covered in a security presentation at OWASP last Thursday
>
> From a security and hacker view point, after POS is completed (via 3rd party
> like DPS),
> .... can the redirect from the POS site be intercepted/held up so that the
> session cart can have a few more items added to it before
> continuing the redirect back to your site.

I would expect this to be much better addressed by not relying on the redirect, but the separate confirmation request sent by these gateways. The redirect would for example fail if the browser locked up or got shut down, so sooner or later a paid order will not be confirmed in any case.

HTH,
Jochen

Chief Automation Officer
Automatem Ltd
Phone: 09 630 3425
Mobile: 021 567 853
Email: [email protected]
Skype: jochendaum
Website: www.automatem.co.nz
http://twitter.com/automatem
http://nz.linkedin.com/in/automatem
http://www.xing.com/go/invite/3425509.181107
http://www.aucklandbusinessnetworking.co.nz
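
The approach suggested in the reply above, sketched as an added PHP example (not code from the thread or from any gateway's API): the cart is frozen into an order record before the redirect, and the order is marked paid only by the gateway's separate confirmation request, checked against that frozen record. The HMAC signature, the field names and `GATEWAY_SECRET` are assumptions; each real gateway defines its own notification format and authentication.

```php
<?php
declare(strict_types=1);

// Assumed for illustration: secret, field names and HMAC scheme are hypothetical.
const GATEWAY_SECRET = 'constructed-demo-secret';

// Freeze the cart into an order record before redirecting to the gateway.
function createOrder(array &$orders, string $orderId, array $cart): void
{
    $total = 0;
    foreach ($cart as $item) {
        $total += $item['price_cents'] * $item['qty'];
    }
    $orders[$orderId] = ['items' => $cart, 'total_cents' => $total, 'status' => 'pending'];
}

// Handle the gateway's separate confirmation request, not the browser redirect.
function handleNotification(array &$orders, array $msg): string
{
    $payload = $msg['order_id'] . '|' . $msg['amount_cents'] . '|' . $msg['result'];
    if (!hash_equals(hash_hmac('sha256', $payload, GATEWAY_SECRET), $msg['signature'])) {
        return 'rejected: bad signature';
    }
    if (!isset($orders[$msg['order_id']])) {
        return 'rejected: unknown order';
    }
    $order = &$orders[$msg['order_id']];
    if ($order['status'] === 'paid') {
        return 'ok: already confirmed'; // gateways may retry the notification
    }
    if ($msg['result'] !== 'APPROVED' || $msg['amount_cents'] !== $order['total_cents']) {
        $order['status'] = 'review';
        return 'held: declined or amount differs from the frozen order';
    }
    $order['status'] = 'paid';
    return 'ok: confirmed';
}

// Constructed sample data.
$orders = [];
$sessionCart = [['sku' => 'BOOK-1', 'price_cents' => 2500, 'qty' => 1]];
createOrder($orders, 'ORD-1001', $sessionCart);
$sessionCart[] = ['sku' => 'TV-9', 'price_cents' => 99900, 'qty' => 1]; // cart changed after checkout

$msg = ['order_id' => 'ORD-1001', 'amount_cents' => 2500, 'result' => 'APPROVED'];
$msg['signature'] = hash_hmac('sha256', 'ORD-1001|2500|APPROVED', GATEWAY_SECRET);
echo handleNotification($orders, $msg), PHP_EOL;
echo count($orders['ORD-1001']['items']), ' item(s) fulfilled from the frozen order', PHP_EOL;
```

Because fulfilment reads the stored order rather than the session cart, later changes to the session do not alter what was paid for, and a browser that never completes the redirect does not leave a paid order unconfirmed.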
