> > You could put all the data that needs to be passed over in 
> > to a WDDX packet, then encrypt it, base64 it, and send it
> > over in a hidden field.
> 
> You could do this, but, again, if the data comes from the 
> browser, someone can tamper with it. You're raising the
> bar of difficulty by doing this, but you'd be safer not
> passing the sensitive data back from the browser in the
> first place (and in this example, there's no reason you have to).

Thanks for the clarification.

I thought about it and realised that if you're generating a cart file and
storing it on the insecure server, as long as no-one has the ability to
write or manipulate files in that directory, the prices can't be tampered
with.

Plus, if you pass as a hidden field the reference to the user's cart and
someone tinkers with that, the worst that's going to happen is that they'll
adopt someone else's cart and purchase the same products. All the prices
will all still be valid, though.


-- 
Aidan Whitehall <[EMAIL PROTECTED]>
Netshopper UK Ltd
Advanced Web Solutions & Services

http://www.netshopperuk.com/
Telephone +44 (01744) 648650
Fax +44 (01744) 648651
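The thread contrasts three ways of carrying checkout data between requests: trusting a hidden field that holds the prices, keeping the cart on the server and passing back only a reference, and signing whatever must go through the browser so tampering is at least detected. The following is an added illustration of those three patterns, not code from this list or from either poster; the list is about ColdFusion, but the patterns are language-independent and Python is used here so the example runs stand-alone. The catalogue, the server key and all function names are constructed for the example. The cart reference is generated with an unguessable random token, which addresses the "adopt someone else's cart" case the second message mentions.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Optional

# Constructed catalogue: the authoritative prices (in pence) live on the server.
CATALOGUE: Dict[str, int] = {"widget": 1999, "gadget": 4999}

# Hypothetical server-side secret for pattern 3. In practice it is loaded from
# server configuration and is never sent to the browser.
SERVER_KEY = b"example-server-key-not-for-production"


# --- Pattern 1: prices travel in a hidden field (what the thread warns against) ---

def encode_hidden_field(order: List[Dict[str, int]]) -> str:
    """Build the base64 hidden-field value a form would carry (no integrity check)."""
    return base64.b64encode(json.dumps(order).encode()).decode()


def checkout_from_hidden_field(field: str) -> int:
    """Trusts whatever order the browser sends back.
    Encoding or encrypting the field does not change this: anyone who can edit
    the field before it is posted controls the price that gets charged."""
    order = json.loads(base64.b64decode(field))
    return sum(item["price"] * item["qty"] for item in order)


# --- Pattern 2: cart stored on the server, browser holds only an opaque reference ---

CARTS: Dict[str, Dict[str, int]] = {}  # cart_id -> {sku: qty}


def create_cart(items: Dict[str, int]) -> str:
    """Store the cart server-side and return an unguessable reference.
    Prices never leave the server, so the hidden field cannot alter them, and a
    random 128-bit token makes guessing another customer's cart impractical."""
    cart_id = secrets.token_urlsafe(16)
    CARTS[cart_id] = dict(items)
    return cart_id


def checkout_from_cart_id(cart_id: str) -> int:
    """Price the cart from the server-side catalogue, ignoring any client-supplied price."""
    cart = CARTS[cart_id]  # KeyError for an unknown or guessed reference
    return sum(CATALOGUE[sku] * qty for sku, qty in cart.items())


# --- Pattern 3: if data must round-trip through the browser, sign it ---

def sign_field(payload: dict) -> str:
    """Serialize the payload and append an HMAC-SHA256 tag keyed with the server secret."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_field(field: str) -> Optional[dict]:
    """Return the payload only if the tag matches; any edit to body or tag yields None."""
    try:
        body, tag = field.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return json.loads(base64.urlsafe_b64decode(body))


if __name__ == "__main__":
    # Pattern 1: a client that rewrites the price to 1p is simply believed.
    tampered = encode_hidden_field([{"sku": "widget", "price": 1, "qty": 2}])
    print("hidden-field total:", checkout_from_hidden_field(tampered))

    # Pattern 2: the reference is all the browser gets; the total comes from the catalogue.
    cart_id = create_cart({"widget": 2, "gadget": 1})
    print("server-side cart total:", checkout_from_cart_id(cart_id))

    # Pattern 3: a signed field survives intact, and a tampered one is rejected.
    signed = sign_field({"cart": cart_id})
    print("verified:", verify_field(signed), "tampered:", verify_field(signed + "x"))
```

Note that pattern 3 protects integrity only: the payload is still readable by the user, so it is a way to detect edits to data that has to pass through the browser, not a substitute for keeping prices on the server as in pattern 2.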


Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/