[ic] security (order number, failure to update)
Mike Heins
mikeh@minivend.com
Fri, 26 Jan 2001 10:24:03 -0500
Quoting cfm@maine.com (cfm@maine.com):
> Quoting myself:
> >
> > In recent Interchange (and maybe Minivend 4) all you have to do is
> >
> > [perl]
> > $Session->{mv_order_number} = your_unique_number();
> > [/perl]
> >
> > It will bypass OrderCounter at that point, and use yours. Then it
> > is on your head. 8-)
>
> Yes, we're using that but have not thought it through all the way. We're
> grabbing an order number from our key generator, inserting the order
> into the order table and order_items table, and then verifying that
> we read back the same record. On failure the idea was to send an
> op-header redirect; that didn't work too well on the **report** page. :->
> Fixed that.
>
> Still, if the system can't generate proper numbers and clean data what
> should it do? Shut down gracefully?
Most businesses don't ever like to stop taking orders as long as they
are sure the price and delivery are reasonable. I usually fall back
to an OrderNumber style file that has a unique series of numbers like
ABC00000. The order number will be unique (presuming you set it up so
each machine has a unique ID) and will alert you to the fact that there
will be a customer service problem.
That is why Interchange writes orders 4 places by default -- the
order email image (based on order number), the database, the email,
and if all else fails the tracking.asc file. Obviously you run from
one, but the others are there to reconstruct if necessary.
--
Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.7621 fax 7501 <heins@akopia.com>
Nature, to be commanded, must be obeyed. -- Francis Bacon