[Zope-CMF] Paying Portals & Progress

BZ bz@bwanazulia.com
Mon, 4 Mar 2002 05:50:43 -0500


Funny.. but not really helpful.

There are a couple more things that could beef up security.

- read the referrer domain and only validate if coming from PayPal
- use the unique ID idea set into the account but not shown. It would 
have to match the return URL, and if it did not, it would not validate
- email alerts for all new accounts (can check to see if paid 
accounts = real accounts).

BZ

At 7:14 AM +0000 3/4/02, Chris Withers wrote:
>BZ wrote:
>>
>>  4) At end of PayPal there is a "return_url"  which I set with the
>>  memberID and another parameter that when they come back sets the
>>  active=Y.
>
>Cool, Nice easy site to hack :-)
>
>cheers,
>
>Chris
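
The unique-ID idea from the message above, sketched in Python as an added example (not code from this thread or from the CMF): the return URL carries an unguessable token stored on the account instead of an `active=Y` flag, and the account is activated only when the two match. The in-memory member store, the `portal.example` URL and the parameter name `t` are assumptions made for the illustration.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical in-memory store standing in for the portal's member data.
MEMBERS = {}

RETURN_BASE = "https://portal.example/paid"  # constructed URL, not a real site


def register(member_id):
    """Create an inactive account with an unguessable token that is never displayed."""
    MEMBERS[member_id] = {"active": False, "token": secrets.token_urlsafe(32)}


def build_return_url(member_id):
    """Build the return URL: member ID plus the stored token, no active=Y flag."""
    query = urlencode({"memberID": member_id, "t": MEMBERS[member_id]["token"]})
    return f"{RETURN_BASE}?{query}"


def handle_return(url):
    """Activate the account only if the token in the URL matches the stored one."""
    params = parse_qs(urlparse(url).query)
    member_id = params.get("memberID", [""])[0]
    supplied = params.get("t", [""])[0]
    member = MEMBERS.get(member_id)
    # Unknown member, or token already consumed by an earlier return.
    if member is None or member["token"] is None:
        return False
    # Constant-time comparison so the check does not leak how much of a guess matched.
    if not hmac.compare_digest(supplied.encode(), member["token"].encode()):
        return False
    member["token"] = None  # single use: replaying the same URL fails
    member["active"] = True
    return True
```

A matching token shows only that the URL was issued by the site for that member; it does not by itself confirm that a payment was made, so paid status still has to be reconciled against PayPal's own record.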