Order ID

Hello, i am still testing out my new marketpress plugin and have found out that say for example user 1 purchases something and has an order id "1" and then user 2 has an order id with "2" while testing it out i have found out the anyone with the correct order id can enter it into the address bar and can view their personal shipping information in the order confirm page, is there something i can do to stop this as i feel it is a breach of privacy?

  • aecnu
    • WP Unicorn

    Greetings ImQuazze,

    Welcome to WPMU Dev!

    Thank you for this great question and bringing this significant issue to our attention and for caring about the privacy of people.

    Though I do not know the answer to this, I agree that it is a valid issue.

    Any chance that you cleared your cache and cookies before trying to access an order in an unauthorized way?

    Please advise.

    Cheers, Joe

  • ImQuazze
    • New Recruit

    Hi aecnu,

    Thanks for the warm welcome!

    Yes I done what you suggested and still no luck, I was still able to access peoples private information. I even booted up my 5 year old XP computer to see if i could load it and yes i was able to.

    Now even though my site isn't fully open yet i still want to make sure that peoples private information is kept private before i fully open my website.

    Thanks

    Jordan

  • Mark
    • The Incredible Code Injector

    @ImQuazze

    The order IDs in my store are apparently randomly generated strings of 12 alpha numeric characters, for example e7r758f6b084

    I believe that's the default setting.

    Doesn't that serve as adequate protection? It's effectively a 12-digit password. Perhaps that could be strengthened further with more digits..

    Cheers,
    Mark

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.