0
Hi again,
I am testing your new security feature to grant unlogged user to see their invoice online and... Well, is there anything to do to make it work properly ?
For what I see 'till now, the feature just consists in an additionnal auth_code string in the address. Changing the id in the params make me able to see other invoice than mine, et I can even remove this auth_code from the address witout any annoyance : any user logged or not can access any invoice.
Does I miss anything, or is it a huge bug ?
I am testing your new security feature to grant unlogged user to see their invoice online and... Well, is there anything to do to make it work properly ?
For what I see 'till now, the feature just consists in an additionnal auth_code string in the address. Changing the id in the params make me able to see other invoice than mine, et I can even remove this auth_code from the address witout any annoyance : any user logged or not can access any invoice.
Does I miss anything, or is it a huge bug ?
Your Reply
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »