Akopia Akopia Services
[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] would that be possible with IC ?


>
>I haven't the experience to know this, but could IC be abused
>the way this article describes other shopping cart applications can ?
>
>http://www.zdnet.com/zdnn/stories/news/0,4586,2692337,00.html?chkpt=zdnn_rt 
>_latest
>
>BF

I seriously doubt it.  Although I've heard about that type of hack many 
years ago, I never imagined that anyone would write software that would 
susceptible to that type of exploit.  AFAIK Interchange never asks the 
literal page for the price, it looks in its database to match the price to 
the item ordered. (duh)

There is a possibility that Cybercash-like interfaces could be vulnerable 
if the dollar value ever exists in a hidden form field, or URL 
encoded.  But then, that's not IC, is it?  ;-)



Ryan Hertz                                              tel  800-645-BAIT
Webmaster                                               fax  520-645-2588
Advertising Director                                 http://www.baits.com
Gary Yamamoto Custom Baits, Inc.                  mailto:rhertz@baits.com


_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users
Search for: Match: Format: Sort by: