Thanks Rob for the explanation. It seems better to avoid using incremental order ids and use custom incremental numbering for admin use only.

Taito

2009/5/9 Rob LaRubbio <[email protected]>

> One thing to think about with incremental order ids is that it is possible
> to leak information.
>
> One paranoid example is that a competitor could place an order and from the
> incremental id see how many sales you have had. They could then place
> another one week later and compare order ids to see your sales volume.
>
> A less paranoid example involves end users looking up orders. If the order
> summary page (@@getpaid-order/997670534) doesn't check that the user viewing
> the page also has rights to view that order, then anyone can view any order
> just by entering sequential order ids.
>
> In general with ids that map to objects it's best to use a sparse namespace
> to make guessing attempts hard.
>
> -Rob
>
> On Fri, May 8, 2009 at 6:46 AM, Taito Horiuchi <[email protected]> wrote:
>
>> Hello,
>>
>> OK, then I give that incremental order id option to branch.
>>
>> Thanks,
>>
>> Taito
>>
>> 2009/5/8 Lucie Lejard <[email protected]>
>>
>>> Hi Taito,
>>>
>>> I don't know why random order id was implemented. But it seems like a
>>> good idea to give the option in the getpaid admin to choose
>>> incremental order id.
>>>
>>> Lucie
>>> --
>>> S i x F e e t U p , I n c . | http://www.sixfeetup.com
>>> Phone: +1 (317) 861-5948 x605
>>> ANNOUNCING the first Plone Immersive Training Experience | Sept.
>>> 10-11-12, 2009
>>> http://www.sixfeetup.com/immerse
>>>
>>> On Wed, May 6, 2009 at 12:17 PM, Taito Horiuchi <[email protected]> wrote:
>>> > Hi all,
>>> >
>>> > I'm using incremental order id for existing e-commerce site and I would like
>>> > to continue using this policy
>>> > when I switch to getpaid.
>>> >
>>> > getpaid.core uses random order id for new order id.
>>> >
>>> > Is it a bad idea to add incremental order id as an option to core?
>>> >
>>> > Can somebody explain me why random order id is better than incremental one?
>>> >
>>> > Taito
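
Added example, not part of the thread and not getpaid code: a sketch of the two points Rob raises (a sparse id namespace and a rights check on the order page) combined with the admin-only incremental numbering from the reply at the top. `OrderStore`, `ID_BITS` and the field names are hypothetical.

```python
import secrets

ID_BITS = 64  # assumed size; large enough that guessing a valid id is impractical


class OrderStore:
    """Hypothetical in-memory store; not getpaid's order manager."""

    def __init__(self):
        self._orders = {}      # public order id -> order record
        self._admin_seq = 0    # incremental number, shown to admins only

    def new_order(self, owner, total):
        # Draw the public id from a CSPRNG and retry on the (rare) collision.
        while True:
            order_id = secrets.randbits(ID_BITS)
            if order_id not in self._orders:
                break
        self._admin_seq += 1
        self._orders[order_id] = {
            "owner": owner, "total": total, "admin_number": self._admin_seq,
        }
        return order_id

    def view_order(self, order_id, user, is_admin=False):
        """Return the order as `user` may see it, or None.

        Unknown ids and other users' orders give the same result, so a
        response never confirms that an id exists.
        """
        order = self._orders.get(order_id)
        if order is None or not (is_admin or order["owner"] == user):
            return None
        visible = {"order_id": order_id, "total": order["total"]}
        if is_admin:
            # The sequence number reveals sales volume, so customers never see it.
            visible["admin_number"] = order["admin_number"]
        return visible


def demo():
    # Constructed sample data: two orders from two different customers.
    store = OrderStore()
    first = store.new_order("alice", 20)
    second = store.new_order("bob", 35)
    return store, first, second
```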
