(keitai-l) Re: Amazon Japan Payment Security

From: Jason Pollard <jasonpollard_at_yahoo.com>
Date: 06/18/04
Message-ID: <20040618175542.5540.qmail@web50402.mail.yahoo.com>
> 
> If I visit http://www.amazon.co.jp/i  I can register at the site
> including entering my credit card details. I'm not going through the
> official menu and nothing pops up to suggest that the site is
> secure. So question 1 is: is this secure, and does this security rely on
> being an official site?
> 
It's probably just SSL and whatever security Amazon has in their infrastructure
for normal Web browsing.  So, basically yes, and no.

> Second question would be how they recognise that I am a return user so
> that I don't have to input my details again. I presume that they can
> do this because they are on the official menu. Even if I go to the URL,
> the URL of the page I see is something like:
>
> http://www.amazon.co.jp/exec/obidos/dt/i/flex-sign-in/000-0000000-0000000?uid?=NULLGWDOCOMO&page=aa/xml/h/h.html&response=subst/aa/xml/h/h.html
>   (I changed the actual digit string to all zeros. I'm using a DoCoMo
> P504iS)
> 
I think the 000 string is your keitai's 'serial' number or some other kind of
unique ID which replaces the cookie they use on your browser.  I believe it's
only made available in the HTTP headers for official sites.  Til then, you'll
need to implement some kind of sign on, or get users to bookmark a link that
has a UID in it as above.

--jason





		
Received on Fri Jun 18 20:55:44 2004