I'll take a stab at a useful suggestion. GoldMoney implements a feature where you can define the return URLs as part of your account setup. You can also choose to allow those to be overwritten by the form.
A feature like this for E-Gold would eliminate part of what you consider risky. But once an end user completes a sale they have that URL. I do like the idea of having the backend confirmation URL hidden. Without a knowledge of what that URL is, it reduces the chance of a brute force attack. The MD5 hash of the transaction is not something that everyone verifies. That to me is the greatest security risk.