Order tracking

Forum Moderators: buckworks

Message Too Old, No Replies

Order tracking

need some suggestions

Raymond

9:47 am on Dec 29, 2004 (gmt 0)

I want to implement an order tracking options where people just enter their order number and then the script will tell them when the order was shipped out. The script is pretty basic, we can probably have it ready in a few hours. However, our order number is generated sequencially. If we implement such script, anybody who feeds in a valid order number will be able to find how many sales we are getting. As a webmaster myself, if I find a site that I can get such important data, I would definitely use this "feature" to my fullest advantage. And of course, I can't allow that to happen.

I understand that if I fix the algorithm that generates the order number, this problem will be resolved. But it will be a big change because it will affect all other backend scripts.
Is there anyway other way I can prevent such exploit?

lorax

3:34 pm on Dec 29, 2004 (gmt 0)

Could you use an email address and order number combination?

too much information

4:11 pm on Dec 29, 2004 (gmt 0)

Or what about order number and the zip code that the order was shipped to?

JonR28

4:26 pm on Dec 29, 2004 (gmt 0)

We use email address and order number for confirmation. Anyone can guess an order number, but no one could just randomly guess an email to go with any one of a thousand numbers a day.

iJeep

7:04 pm on Dec 29, 2004 (gmt 0)

I have used the order number and zip code in the past. It works well because the customer should know at least what their zip code is.

Raymond

7:33 pm on Dec 29, 2004 (gmt 0)

Great ideas, I guess I'll go with email and order number. (Not all my customers are from places with zip codes)

Thank you so much.

Order tracking

need some suggestions

Raymond

lorax

too much information

JonR28

iJeep

Raymond

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week