Protecting webdelivery
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 11829
interpreted = N
texte = I've got an idea for doing a bit more protection on the webdelivery side of WebMerchant, and before I kill myself trying it out, I wanted to pass this by the knowledge-base of the list...

Since we're going to be using SSL to grab the Credit Card and other personal info, and we'll be doing the actual webdelivery page serving using SSL as well, I was considering having WebCatalog generate a unique username/password for the session that would be shown to the user in one of several ways (as securely as possible):

1. Within Invoice (once purchase has been handed to WebMerchant using SSL);
2. Via e-mail (delays possible, and not very secure, so least likely);
3. Can't think of any other options - suggestions?

Anyone see problems with this scenario?

Of course, the follow-up questions are:

1. how to go about generating this unique username/password pair?
2. I'd rather these unique pairs don't stick around, so how can I age them - or sweep them away with the webdelivery pages and shopping carts?
   a. I was thinking that an expiration DATE and possible expiration TIME field in the .db would be a way to check in a calculation to see if it should be allowed.
   b. I really don't want to use (Mac)PERL to try and clean out the file, but I could see that as a possibility - although I'd have to make sure the RAM copy of the .db got synced as well - right?

Glutton for punishment? Paranoid? Yes - that's me!

Anyone attempted anything remotely along these lines?

Dan Keldsen - djk@delphigroup.com
Director, I.S. - webmaster@delphigroup.com
Delphi Consulting Group, Inc. - http://www.delphigroup.com/
100 City Hall Plaza - ph: 617-247-1511
Boston, MA 02108-2106 - fax:617-247-4957
Dan Keldsen
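The two follow-up questions in the message above (generating the pair, then aging it with an expiration field) can be sketched as follows. This is an added example in Python, not WebDNA and not part of the original post; the `STORE` dictionary standing in for the .db file, the function names and the two-hour lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 2 * 60 * 60  # assumed lifetime of a delivery credential

# Stand-in for the .db file: username -> (salt, password_hash, expires_at)
STORE = {}


def hash_password(password, salt):
    # Salted hash, so a leaked table does not hand out working passwords
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def issue_credentials(now=None):
    """Create a random pair to display once, e.g. on the SSL invoice page."""
    now = time.time() if now is None else now
    username = "dl-" + secrets.token_hex(8)   # CSPRNG, not guessable
    password = secrets.token_urlsafe(12)
    salt = secrets.token_bytes(16)
    STORE[username] = (salt, hash_password(password, salt), now + TTL_SECONDS)
    return username, password


def check_credentials(username, password, now=None):
    """Allow access only if the pair matches and has not expired."""
    now = time.time() if now is None else now
    record = STORE.get(username)
    if record is None:
        return False
    salt, stored, expires_at = record
    # Constant-time comparison avoids leaking how many bytes matched
    matches = hmac.compare_digest(stored, hash_password(password, salt))
    return matches and now < expires_at


def sweep_expired(now=None):
    """Delete expired rows from the store; returns how many were removed."""
    now = time.time() if now is None else now
    dead = [user for user, (_, _, exp) in STORE.items() if exp <= now]
    for user in dead:
        del STORE[user]
    return len(dead)
```

Because the expiry is checked on every login, a late or missed sweep never extends a credential's life; the sweep only reclaims space.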