tkw829 Posted January 10, 2007 Share Posted January 10, 2007 I'm a relative newbie, so this may be addressed or out of scope for this product. I am doing some testing for a new install, and I noticed that customers receive emails with a link for new orders in this format: https://www.storefront.com/shop/account_his...php?order_id=23 It occured to me that if someone were to login and change the order_id, they could view orders belonging to other customers. Am I mistaken? Troy Wilson Keepsake-storybooks.com Link to comment Share on other sites More sharing options...
abra123cadabra Posted January 10, 2007 Share Posted January 10, 2007 You can easily try this. It doesn't work. First the customer is asked to login and after that he sees only his own orders in the account history. abra The First Law of E-Commerce: If the user can't find the product, the user can't buy the product. Feedback and suggestions on my shop welcome. Note: My advice is based on my own experience or on something I read in these forums. No guarantee it'll work for you! Make sure that you always BACKUP the database and the files you are going to change so that you can rollback to a working version if things go wrong. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.