Change prices allowed??


My name is Paul and I'm testing the script, s-mart.cgi. I do really think it's nice, but I have a question about it and wonder if somebody could give me a hint. I can save the order form (i.e. order.html), change the price, and submit the order form with the wrong price. Is it possible to prevent customers from doing that?

/Paul

-- Paul Szentes (paul@dataplus.se), March 26, 1999

Answers

Paul -

It looks like you've found a security loophole all of us have overlooked in the past... Nice find!

I am going to look into this issue and see if there is any way to make the script more secure. I am thinking possibly about making it so the script processes the order based on the contents of the user's shopping cart, rather than the form data.

Will let you know if I come up with anything.

-BP

-- BP (bppilot@aol.com), March 26, 1999.
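
The approach BP describes above, pricing the order from the server-side cart rather than from the submitted form, shown as an added example that is not part of the thread and is not S-Mart's code. The catalog, the session-keyed cart store, and the `price_<sku>` form field names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalog: the only prices the server trusts.
CATALOG = {"A100": Decimal("19.95"), "B200": Decimal("5.00")}
# Constructed server-side cart store: session id -> {sku: quantity}.
CARTS = {"sess-1": {"A100": 2, "B200": 1}}


def price_order(session_id, form_body):
    """Total an order from the stored cart and catalog, never from form prices.

    Hypothetical price_<sku> form fields are read only to report a mismatch.
    Returns (total, warnings).
    """
    cart = CARTS.get(session_id)
    if not cart:
        raise ValueError("no cart for this session")
    form = parse_qs(form_body, keep_blank_values=True)
    total = Decimal("0.00")
    warnings = []
    for sku, qty in cart.items():
        if sku not in CATALOG:
            raise ValueError(f"unknown item in cart: {sku!r}")
        if not isinstance(qty, int) or qty < 1:
            raise ValueError(f"bad quantity for {sku!r}")
        unit = CATALOG[sku]
        total += unit * qty
        submitted = form.get(f"price_{sku}", [None])[0]
        if submitted is None:
            continue
        try:
            tampered = Decimal(submitted) != unit
        except InvalidOperation:
            tampered = True  # not a number at all
        if tampered:
            warnings.append(f"{sku}: form price {submitted!r} ignored, charged {unit}")
    return total, warnings


if __name__ == "__main__":
    # Constructed form body whose price field for A100 was edited client-side.
    body = "price_A100=0.01&price_B200=5.00"
    print(price_order("sess-1", body))
```

The warnings list is what a shop would write to its log, so an edited order form shows up as a record instead of a wrong charge.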


It appears that the order is totalled correctly when it is submitted regardless of the changes made to the order form prior to submitting it.

-Mike

-- Mike Lynne (mdlynne@worldnet.att.net), March 30, 1999.

