It may not just a VB thing, so...

I want to make a really secure registration system (i.e., nag screens until you enter a code). My current idea:

  • User sends check and their name to me
  • I receive check and make a code from their name
  • I mail them their code and post that code to a hidden file online
  • User tries to enter code in PassProg
  • PassProg goes online and verifies that the code exists. If it doesn't, registration is denied.
  • If the registration is successful, the code is removed from the hidden online file by me


It sounds secure, but here are the flaws. How could I fix them?

  • The path to the hidden file could be found in PassProg and changed by a hacker, so it goes to their own file
  • Something else that I forgot...


Any ideas?