getpaid/core/order.py generates order ids like so:
    while 1:
        order_id = str( random.randint( 2**10, 2**30 ) )
        if self.get( order_id ) is None:
            break
Instead, we might use a 64-byte block cipher to encrypt a sequence and use
that as the order reference number. This number is guaranteed to be unique
and can be decrypted back into the sequence number if necessary. We do this
so a user cannot guess the order id of another user. Hopefully this would
make it more reasonable to allow 'view order status' without a password.
See attached.
Original issue reported on code.google.com by daniel.h...@exac.com on 25 Apr 2008 at 4:18
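The scheme proposed in the issue, sketched as an added example (not code from getpaid or from the issue's attachment): a sequence number is passed through a keyed permutation on 64-bit values, so every order id is unique by construction and can be mapped back to its sequence number. A Feistel network keyed with HMAC-SHA256 stands in for the block cipher here because Python's standard library has none; the function names, round count and demo key are assumptions made for illustration.

```python
import hashlib
import hmac

ROUNDS = 8                       # assumed round count for this sketch
HALF_BITS = 32                   # 64-bit block split into two 32-bit halves
HALF_MASK = (1 << HALF_BITS) - 1
DEMO_KEY = b"constructed-demo-key-not-for-production"  # constructed sample key


def _round(key: bytes, rnd: int, half: int) -> int:
    """Round function: HMAC-SHA256 over (round index, half), cut to 32 bits."""
    msg = bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")


def encrypt_sequence(key: bytes, seq: int) -> str:
    """Map a sequence number to a decimal order id (a permutation of 0..2**64-1)."""
    if not 0 <= seq < 1 << 64:
        raise ValueError("sequence number must fit in 64 bits")
    left, right = seq >> HALF_BITS, seq & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return str((left << HALF_BITS) | right)


def decrypt_order_id(key: bytes, order_id: str) -> int:
    """Recover the sequence number; reject anything that is not a 64-bit decimal."""
    if not (order_id.isascii() and order_id.isdigit() and len(order_id) <= 20):
        raise ValueError("order id must be a decimal number")
    value = int(order_id)
    if value >= 1 << 64:
        raise ValueError("order id out of range")
    left, right = value >> HALF_BITS, value & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        # Undo one round: the old right half is the current left half.
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF_BITS) | right


if __name__ == "__main__":
    for seq in range(1, 6):
        oid = encrypt_sequence(DEMO_KEY, seq)
        print(seq, "->", oid, "->", decrypt_order_id(DEMO_KEY, oid))
```

Every 64-bit value decrypts to some sequence number, so an order lookup still has to confirm that the decrypted number belongs to an order that was actually issued.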