CodingForums.com - View Single Post

Custard7A · 11-06-2012, 02:27 AM

Yes, that would be right. You could think of submitting the order as signing-up for an "order account" — as well as recording the order details, obviously — and the "order number" would be related to the rest of the order directly in the database structure. Somebody may then enter an "order number" in a form for "checking the status of an order", and if the "order number" exists, and matches with an order in your database, you could then think of that as a (very insecure) login.

It's entirely possible, whether or not it's a good idea depends a lot of what information and options you wish to keep and make available to the people using it. A headless chicken could probably brute-force a single 5 character string validation with success, especially if it's numeric.

11-06-2012, 02:27 AM	PM User \| #4
Custard7A Regular Coder Join Date: Jul 2010 Location: Australia Posts: 269 Thanks: 32 Thanked 32 Times in 32 Posts	Yes, that would be right. You could think of submitting the order as signing-up for an "order account" — as well as recording the order details, obviously — and the "order number" would be related to the rest of the order directly in the database structure. Somebody may then enter an "order number" in a form for "checking the status of an order", and if the "order number" exists, and matches with an order in your database, you could then think of that as a (very insecure) login. It's entirely possible, whether or not it's a good idea depends a lot of what information and options you wish to keep and make available to the people using it. A headless chicken could probably brute-force a single 5 character string validation with success, especially if it's numeric.