[Nomads-pm] Safety of storing pricing information in a CGI::Session

Michael Kraus mkraus at wildtechnology.net
Thu Feb 3 19:07:00 PST 2005


G'day all...

I'm currently using CGI::Session as part of an online ordering system.

I've been passing database primary keys back and forth between the
client and server, with all values double checked upon being received at
the server.

The only problem is that I need to present the total price to the client
at more than one point of operation, and I have been recalculating the
price each time.

How safe is it to store the pricing information on the session object
itself - are there any security flaws or issues of which I should be
aware? (I'm figuring it's pretty safe - but I'd rather be ultra-sure.)

I guess, what I'm really asking is if there are any methods of security
violations associated with CGI::Session that I should be aware of...?

Thanks heaps!

Regards,
 

Michael S. E. Kraus
B. Info. Tech. (CQU), Dip. Business (Computing)
Software Developer - Wild Technology Pty Ltd


--------------------------------------------------------------------------------

Wild Technology Pty Ltd , ABN 98 091 470 692
Sales - Ground Floor, 265/8 Lachlan Street, Waterloo NSW 2017
Admin - Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017
Telephone 1300-13-9453 |  Facsimile 1300-88-9453
http://www.wildtechnology.net
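
The design described in the message, as an added example (not the poster's code): the client submits only item keys and quantities, the server validates them, prices them from its own table, and caches the total in the CGI::Session object, whose data is kept on the server while the browser holds only the session ID. The price table, the `item=ID:QTY` parameter layout and the session directory are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Constructed price table standing in for the database (primary key => cents).
my %PRICE_CENTS = (101 => 1995, 102 => 4500, 103 => 250);

# Recompute the total from client-supplied (id => qty) pairs. Unknown keys and
# out-of-range quantities are rejected; a price is never read from the client.
sub order_total_cents {
    my (%qty_by_id) = @_;
    my $total = 0;
    for my $id (keys %qty_by_id) {
        my $qty = $qty_by_id{$id};
        die "unknown item id\n"
            unless $id =~ /\A\d+\z/ && exists $PRICE_CENTS{$id};
        die "bad quantity\n"
            unless defined $qty && $qty =~ /\A\d{1,2}\z/ && $qty >= 1;
        $total += $PRICE_CENTS{$id} * $qty;
    }
    return $total;
}

my $cgi = CGI->new;
# Assumed directory; it should be readable only by the web server user.
my $session = CGI::Session->new("driver:File", $cgi, { Directory => '/tmp/sessions' })
    or die CGI::Session->errstr;

# Items arrive as repeated "item=ID:QTY" parameters (hypothetical form layout).
my %order;
for my $pair ($cgi->multi_param('item')) {
    my ($id, $qty) = split /:/, $pair, 2;
    $order{$id} = $qty;
}

if (%order) {
    my $total = eval { order_total_cents(%order) };
    if (defined $total) {
        $session->param(order_items => \%order);   # kept server-side
        $session->param(total_cents => $total);    # cached, server-computed total
    } else {
        $session->clear(['order_items', 'total_cents']);  # drop stale values
    }
}

print $session->header(-type => 'text/plain');  # sends only the session ID cookie
my $shown = $session->param('total_cents');
printf "Total: \$%.2f\n", $shown / 100 if defined $shown;
```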