[ic] security (order number, failure to update)

cfm@maine.com cfm@maine.com
Fri, 26 Jan 2001 11:38:12 -0500


On Fri, Jan 26, 2001 at 10:24:03AM -0500, Mike Heins wrote:

> > Still, if the system can't generate proper numbers and clean data what
> > should it do?  Shut down gracefully?
> 
> Most businesses don't ever like to stop taking orders as long as they
> are sure the price and delivery are reasonable. I usually fall back
> to an OrderNumber style file that has a unique series of numbers like
> ABC00000. The order number will be unique (presuming you set it up so
> each machine has a unique ID) and will alert you to the fact that there
> will be a customer service problem.

Agreed.  Still, the root of this thread that I've so handily
deleted was **failure** to update a number in a registered userdb.
Orders are same.  In that case orders or registered users get 
mixed or nixed, at least in the database and for anything else
that keys off that non updated sequence number.

> That is why Interchange writes orders 4 places by default -- the
> order email image (based on order number), the database, the email,
> and if all else fails the tracking.asc file. Obviously you run from
> one, but the others are there to reconstruct if necessary.

We've stopped paying attention to the tracking.asc file.  That 
is a good idea to revisit.  Thank you.  In a real time scenario -
say the userdb and access permissions - one runs the risk of 
compromising more than just a sale.  Maybe it's enough to
verify that the counter file has been changed and synced to disk?

Best,

cfm

-- 

Christopher F. Miller, Publisher                             cfm@maine.com
MaineStreet Communications, Inc         208 Portland Road, Gray, ME  04039
1.207.657.5078                                       http://www.maine.com/
Content management, electronic commerce, internet integration, Debian linux