Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re: Re: Re: Changing website prices based on client? (keywd: Web Software Engr)

by knobunc (Pilgrim)
on Jun 08, 2001 at 00:50 UTC ( [id://86746]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Changing website prices based on client? (keywd: Web Software Engr)
in thread Changing website prices based on client? (keywd: Web Software Engr)

Good points. I guess I should have mentioned more about security of each method.

REMOTE_ADDR and REMOTE_HOST are pretty safe since they come from the sockaddr struct that relates to the connection, so you are somewhat succeptible to a man-in-the-middle attack if the sender can spoof the IP address and catch the return packets (assuming that there is no TCP sequence number bug that allows him to predict the excact set of packets to send from elsewhere). Of course you are succeptible to a DNS attack if the attacker can spoof the reverse IP address lookup, and DNS is notoriously unsafe.

Storing the ID on each page is relatively safe iff (sic) the discount ID refers to a token ID stored in the DB that is generated randomly (assuming your random number generator is sufficiently random) from a large search space. Really cookies and hidden form variables are equivalent since they are both submitted on each request and the user can munge them both. Since this is discounts you have to decide if you want the user to log in to the site.

Personally I despise logging in until I am actually ready to order. It might be more productive for a site to give a 5% discount to a handful more people if they get more sales in general. Remember that stores often see 30 - 60% markups so they are making a profit even if they offer substantial discounts.

-ben

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://86746]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others musing on the Monastery: (3)
As of 2024-03-28 18:16 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found