Marc,
I can't tell how Fivetech generates the filenames, but I think it is easy to find a way. It is not tipical in any way, it is just security by making thing harder to figure out, but IMHO it only creates a false sense of safety.
This procedure is the one I usually use to store passwords.
Given an Invoice number, you can compute the MD5 to use as name, using HB_MD5 function. To make it safer, you can 'salt' the convertion, using another aditional data to add to the original name, be it static or dinamic.
eg.
cInvoiceNo:= '58144'
cSalt:= 'Maveco.be' // this is up to you.
cFilename:= HB_MD5( cInvoice + cSalt )
Whith this, and if NOBODY knows the SALT, noone will guess the invoice number. If you know the SALT, it's easy to know the filename for a given invoice number.
The port is sth you can change in an http server like apache or nginx, usually with LISTEN or similar command, changing the standard port 80.
Hope it helps.
↧