[ic] Setting order discount using JavaScript

interchange-users@interchange.redhat.com interchange-users@interchange.redhat.com
Mon May 13 10:01:01 2002


On Mon, May 13, 2002 at 08:04:03AM -0500, Scott Kennedy wrote:
> On Mon, 13 May 2002 cfm@maine.com wrote:
> 
> |On Sun, May 12, 2002 at 10:19:49PM -0500, Scott Kennedy wrote:
> |> I'm trying to set a discount for the entire order using a combination of
> |> JavaScript and Perl.  The code is on the checkout page which may be found at,
> |>
> |>     http://neatway.com/cgi-bin/altchoice/index.html
> |>
> |
> |Be careful that a visitor cannot alter that javascript and post the
> |page with his own discount.  That's a pretty common hack to many
> |carts that carry pricing in the page.
> 
> Good point.  Anything I can do to help prevent this?

Maybe a year ago a lot of carts took a big hit from this.  I bet you
can find stuff in google, maybe even bugtraq.  At least you can
bone up on the issue in general.




-- 

Christopher F. Miller, Publisher                               cfm@maine.com
MaineStreet Communications, Inc           208 Portland Road, Gray, ME  04039
1.207.657.5078                                         http://www.maine.com/
Content/site management, online commerce, internet integration, Debian linux