>
> If I visit http://www.amazon.co.jp/i I can register at the site
> including entering my credit card details. I'm not going through the
> official menu and there is nothing pops up to suggest that the site is
> secure. So question 1 is is this secure and does this security rely on
> being an official site?
>
It's probably just SSL and whatever security amazon has in their infrastructure
for normal Web browsing. So, basically yes, and no.
> Second question would be how they recognise that I am a return user so
> that I don't have to input my details again. I presume that they can
> do this because they on the official menu. Even if I go to the URL,
> the URL of the page I see is something like:
>
http://www.amazon.co.jp/exec/obidos/dt/i/flex-sign-in/000-0000000-0000000?uid?=NULLGWDOCOMO&page=aa/xml/h/h.html&response=subst/aa/xml/h/h.html
> (I changed the actual digit string to all zeros. I'm using a DoCoMo
> P504iS)
>
I think the 000 string is your keitai's 'serial' number or some other kind of
unique ID which replaces the cookie they use on your browser. I believe it's
only made available in the HTTP headers for official sites. Til then, you'll
need to implement some kind of sign on, or get users to bookmark a link that
has a UID in it as above.
--jason
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
Received on Fri Jun 18 20:55:44 2004