To me it seems like you are overthinking it (however I don't know how
many orders you are going to get per day, how much the average order
is going to be, etc...).

From a security point of view these are the points you should be
concerned about:

1. Human hackers submitting malicious input trying to find XSS and SQL
injection vulnerabilities
2. Spam bots making random submissions
3. Someone just trying to have fun with your form, targeted mass
submission.
4. Fake paid orders with incorrect details.

The first three apply to almost all online forms. A combination of
client-side and robust server-side input validation will take care of
most of the problems.
(also: CAPTCHA, IP blacklist, x submissions per IP per y minutes,
form-tokens)

4 as David said is very rare (also consider the nature of the
product).

If it was me I would start with some basic input validation just to
prevent security issues.
Then you can make a better decision based on the actual orders you
receive.
I'd rather deal with those 1% fake orders than pay thousands of
dollars to prevent them.



On Jul 29, 11:06 am, cij <cjf...@gmail.com> wrote:
> hi folks,
>
> ok, so my downgraded requirements of using street names only didn't
> sit well with my product manager : ).. had a debate with her last
> night. her and the developers insist on a highly detailed database of
> street addresses. i'm concerned about cost to business and whether we
> need it ; )
>
> the goal is to validate delivery addresses that customers enter into
> website.. to avoid phantom addresses and prank orders. we are planning
> on offering a COD service for customised low cost products.
>
> i'm looking now at AMAS address matching providers linked to the
> national Postal Address File. not sure if they can interact with a
> website in real time to check addresses
>
> @Yoo-Jin, thanks for the NSW address validation link!
>
> back to my debate with the product manager. My take is that address
> validation of that sophistication may be an overkill/overengineering?
> and what if we reject customers that made minor typos in their address
> that a human postie can figure out, but machine logic rejects ; ) (i
> will check field structure and tolerances in AMAS)?
>
> interested to hear your takes on this debate? : ) what's the
> experience in oz regarding how common prank orders are for website
> businesses? or is this problem normally addressed through deposit or
> prepayment i.e. don't trust the customer ; )
>
> On Jul 27, 12:06 pm, cij <cjf...@gmail.com> wrote:
>
> > hi, just reaching out to the community for tips on how to quickly
> > source an australian national street address/suburb database for use
> > in a website startup. No luck yet going through aussie post and
> > sensis. Other suggestions welcome. Thanks!

-- 
You received this message because you are subscribed to the Silicon Beach 
Australia mailing list. Visit http://siliconbeachaustralia.org for more

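The server-side checks named in the reply above (input validation, x submissions per IP per y minutes, form tokens) combined into one order-form gate, as an added example that is not part of the original message. The secret, the limits, the field names and the regexes are assumptions chosen for illustration.

```python
import hashlib, hmac, re, time
from collections import defaultdict, deque

SECRET = b"constructed-demo-key"     # assumption: load a real secret from config
TOKEN_TTL = 900                      # form token lifetime in seconds (assumed)
MAX_SUBMISSIONS, WINDOW = 3, 600     # "x submissions per IP per y minutes" (assumed values)
# Structural allow-lists only, so small typos a postie could resolve still pass.
FIELD_RULES = {
    "street": re.compile(r"[\w .,'/\-]{3,120}"),
    "suburb": re.compile(r"[^\W\d_][\w .'\-]{1,59}"),
    "postcode": re.compile(r"[0-9]{4}"),   # Australian postcodes are four digits
}
_recent = defaultdict(deque)         # ip -> timestamps of recent attempts (in-memory)

def _mac(session_id, ts):
    return hmac.new(SECRET, f"{session_id}|{ts}".encode(), hashlib.sha256).hexdigest()

def issue_token(session_id, now):
    """Token embedded in the rendered form, bound to the visitor's session."""
    ts = str(int(now))
    return f"{ts}.{_mac(session_id, ts)}"

def token_ok(session_id, token, now):
    ts, _, mac = token.partition(".")
    if not (ts.isascii() and ts.isdigit()):
        return False
    fresh = 0 <= now - int(ts) <= TOKEN_TTL
    return fresh and hmac.compare_digest(mac.encode(), _mac(session_id, ts).encode())

def rate_ok(ip, now):
    """Sliding window: every attempt counts, including ones rejected later."""
    q = _recent[ip]
    while q and now - q[0] >= WINDOW:
        q.popleft()
    if len(q) >= MAX_SUBMISSIONS:
        return False
    q.append(now)
    return True

def check_submission(ip, session_id, token, fields, now=None):
    now = time.time() if now is None else now
    if not rate_ok(ip, now):
        return "rate_limited"
    if not token_ok(session_id, token, now):
        return "bad_token"
    bad = [k for k, rx in FIELD_RULES.items() if not rx.fullmatch(str(fields.get(k, "")).strip())]
    return "invalid:" + ",".join(bad) if bad else "accepted"
```

The in-memory counter resets on restart and is per process; a shared store is needed once the site runs on more than one worker.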