Posted by Aggelos on 03/22/07 22:12

On Mar 22, 10:42 pm, Jerry Stuckle <jstuck...@attglobal.net> wrote:
> Toby A Inkster wrote:
> > Jerry Stuckle wrote:
>
> >> Toby's suggestion is a good one. He just got the '<' and '>' in the
> >> wrong place. Try:
>
> >> <http://message-id.net/2r0v64-o98....@ophelia.g5n.co.uk>
>
> >http://message-id.net/<2r0v64-o98....@ophelia.g5n.co.uk>
> > works fine. (I ought to know, as I own message-id.net.)
>
> Not for me it doesn't, Toby. Thunderbird tells Firefox to load it with
> the extra chars.
>
> Works fine as I had it.
Yes it works like Jerry had it :p
Thanks both of you though.
I think that I am not going to use that sollution though as you can
still decode it if you know the algorythm... what I do is create a
random seed which I store it in a DB with the id I want and then just
comparing that seed again with the database to get the id whenever I
need it.

So before I send the user to the Secure site I create the random
string, then redirect to the url setting the
https://www.paymentgateway.com/checkout.php?customerId=$randomString
and in the checkout.php script I select the record from the DB with
that random string returning the original customerId. This way it is
never visible to the possible "malicious" User.

Thanks.

[Back to original message]