[ic] would that be possible with IC ?

Ryan Hertz rhertz@gyb.baits.com
Tue, 06 Mar 2001 01:05:28 -0700

>I haven't the experience to know this, but could IC be abused
>the way this article describes other shopping cart applications can ?

I seriously doubt it.  Although I've heard about that type of hack many 
years ago, I never imagined that anyone would write software that would 
susceptible to that type of exploit.  AFAIK Interchange never asks the 
literal page for the price, it looks in its database to match the price to 
the item ordered. (duh)

There is a possibility that Cybercash-like interfaces could be vulnerable 
if the dollar value ever exists in a hidden form field, or URL 
encoded.  But then, that's not IC, is it?  ;-)

Ryan Hertz                                              tel  800-645-BAIT
Webmaster                                               fax  520-645-2588
Advertising Director                                 http://www.baits.com
Gary Yamamoto Custom Baits, Inc.                  mailto:rhertz@baits.com