Posted by Jerry Stuckle on 03/23/07 04:26
Aggelos wrote:
> On Mar 22, 10:42 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
>> Toby A Inkster wrote:
>>> Jerry Stuckle wrote:
>>>> Toby's suggestion is a good one. He just got the '<' and '>' in the
>>>> wrong place. Try:
>>>> <http://message-id.net/2r0v64-o98....@ophelia.g5n.co.uk>
>>> http://message-id.net/<2r0v64-o98....@ophelia.g5n.co.uk>
>>> works fine. (I ought to know, as I own message-id.net.)
>> Not for me it doesn't, Toby. Thunderbird tells Firefox to load it with
>> the extra chars.
>>
>> Works fine as I had it.
> Yes it works like Jerry had it :p
> Thanks both of you though.
> I think that I am not going to use that solution though as you can
> still decode it if you know the algorithm... what I do is create a
> random seed which I store it in a DB with the id I want and then just
> comparing that seed again with the database to get the id whenever I
> need it.
>
> So before I send the user to the Secure site I create the random
> string, then redirect to the url setting the
> https://www.paymentgateway.com/checkout.php?customerId=$randomString
> and in the checkout.php script I select the record from the DB with
> that random string returning the original customerId. This way it is
> never visible to the possible "malicious" User.
>
> Thanks.
>
Actually, it should be pretty safe if you make the seed long enough.
The only problem would be if someone could get access to your source
files and see the seed. But if they could do that, they could also see
any seed you use, along with the algorithm.
A sysadmin could do it, for instance. So could most hosting companies
(unless you have a colo). And if you can't trust your hosting company
you're in real trouble.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
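
The random-string lookup described in the quoted text above, as an added example that is not part of the original thread. The table `checkout_tokens`, the functions `issueToken` and `redeemToken`, and the in-memory SQLite store are hypothetical; storing only a hash of the token, expiring it, and deleting it on first use are assumptions that go beyond what the post describes.

```php
<?php
declare(strict_types=1);

// Constructed demo store: in-memory SQLite stands in for the site's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE checkout_tokens (
    token_hash  TEXT PRIMARY KEY,
    customer_id INTEGER NOT NULL,
    expires_at  INTEGER NOT NULL
)');

// Create an unguessable token for a customer id and store only its hash.
function issueToken(PDO $db, int $customerId, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare(
        'INSERT INTO checkout_tokens (token_hash, customer_id, expires_at) VALUES (?, ?, ?)'
    );
    $stmt->execute([hash('sha256', $token), $customerId, time() + $ttl]);
    return $token;
}

// Resolve a token back to the customer id; valid once and only before expiry.
function redeemToken(PDO $db, string $token): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // reject anything that is not a well-formed token
    }
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $stmt = $db->prepare(
        'SELECT customer_id FROM checkout_tokens WHERE token_hash = ? AND expires_at > ?'
    );
    $stmt->execute([$hash, time()]);
    $id = $stmt->fetchColumn();
    // Delete on lookup so a URL leaked via logs or Referer cannot be replayed.
    $db->prepare('DELETE FROM checkout_tokens WHERE token_hash = ?')->execute([$hash]);
    $db->commit();
    return $id === false ? null : (int) $id;
}

$token = issueToken($db, 4711); // 4711 is a constructed customer id
echo "https://www.paymentgateway.com/checkout.php?customerId=$token\n";
var_dump(redeemToken($db, $token));              // first use of a valid token
var_dump(redeemToken($db, $token));              // replay of the same token
var_dump(redeemToken($db, str_repeat('0', 64))); // well-formed but never issued
```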