[ic] Remove Me
Sat, 27 Jan 2001 01:09:27 -0600
----- Original Message -----
Sent: Friday, January 26, 2001 10:38 AM
Subject: Re: [ic] security (order number, failure to update)
> On Fri, Jan 26, 2001 at 10:24:03AM -0500, Mike Heins wrote:
> > > Still, if the system can't generate proper numbers and clean data what
> > > should it do? Shut down gracefully?
> > Most businesses don't ever like to stop taking orders as long as they
> > are sure the price and delivery are reasonable. I usually fall back
> > to an OrderNumber style file that has a unique series of numbers like
> > ABC00000. The order number will be unique (presuming you set it up so
> > each machine has a unique ID) and will alert you to the fact that there
> > will be a customer service problem.
> Agreed. Still, the root of this thread that I've so handily
> deleted was **failure** to update a number in a registered userdb.
> Orders are same. In that case orders or registered users get
> mixed or nixed, at least in the database and for anything else
> that keys off that non updated sequence number.
> > That is why Interchange writes orders 4 places by default -- the
> > order email image (based on order number), the database, the email,
> > and if all else fails the tracking.asc file. Obviously you run from
> > one, but the others are there to reconstruct if necessary.
> We've stopped paying attention to the tracking.asc file. That
> is a good idea to revisit. Thank you. In a real time scenario -
> say the userdb and access permissions - one runs the risk of
> compromising more than just a sale. Maybe it's enough to
> verify that the counter file has been changed and synced to disk?
> Christopher F. Miller, Publisher email@example.com
> MaineStreet Communications, Inc 208 Portland Road, Gray, ME 04039
> 1.207.657.5078 http://www.maine.com/
> Content management, electronic commerce, internet integration, Debian
> Interchange-users mailing list