>Then can you suggest the best way of tackling this situation...
>
> - website, basket and pre-checkout on one server
> - basket or orders table in database, each basket record tied to a
>session.userid value
> - secure payment area / checkout on another server
> - no database access from secure server to database on main website server
>
>How can you make the basket / orders data tied to a user, together with the
>prices for the products, accessible to the checkout section without
>including them as hidden form fields which, obviously, can be tampered with?

You could put all the data that needs to be passed over into a WDDX
packet, then encrypt it, base64 it, and send it over in a hidden field.

Ryan
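
The approach suggested in the reply, as an added example that is not part of the original thread, written in Node.js rather than ColdFusion: JSON stands in for the WDDX packet, and AES-256-GCM is used so that the checkout server detects any change to the hidden field instead of only hiding its contents. The function names, key handling and 10-minute expiry are assumptions.

```javascript
// Added example: names, key handling and field layout are assumptions, not from the thread.
const crypto = require('crypto');

// Shared 256-bit key, provisioned out of band on both servers (random here for the demo).
const SHARED_KEY = crypto.randomBytes(32);
const MAX_AGE_MS = 10 * 60 * 1000; // checkout rejects tokens older than 10 minutes

// Main site: serialize the basket, encrypt and authenticate it, base64 it for the hidden field.
function sealBasket(basket, key = SHARED_KEY, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce per token; never reuse with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const plaintext = JSON.stringify({ issuedAt: now, basket });
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // Layout: 12-byte IV | 16-byte GCM tag | ciphertext
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Checkout server: returns the basket, or null if the field was altered, forged or is stale.
function openBasket(token, key = SHARED_KEY, now = Date.now()) {
  try {
    const raw = Buffer.from(String(token), 'base64');
    if (raw.length < 12 + 16 + 1) return null; // too short to hold IV, tag and data
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plaintext = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { issuedAt, basket } = JSON.parse(plaintext.toString('utf8'));
    if (typeof issuedAt !== 'number' || now - issuedAt > MAX_AGE_MS) return null;
    return basket;
  } catch (err) {
    return null; // final() throws when the GCM tag does not verify
  }
}

// Constructed sample basket (prices in pence to avoid floating point).
const sampleBasket = { userId: 'u-1001', items: [{ sku: 'BOOK-1', qty: 2, unitPence: 1999 }] };
const field = sealBasket(sampleBasket);
console.log('<input type="hidden" name="basket" value="' + field + '">');
console.log(openBasket(field));
```

The checkout server should still compare the recovered `userId` with its own session, because a valid token can be replayed unchanged until it expires.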