HiEventsDev / hi.events

Open-source event management and ticket selling platform 🎟️
https://hi.events
GNU Affero General Public License v3.0

[SEC] QR Code not secure #18

Closed td00 closed 1 week ago

td00 commented 3 weeks ago

Describe the bug The QR Code only contains the main Order Number and an increasing number (i.e. FOOBA-1). This can be enumerated fairly easily and should be considered insecure

To Reproduce Steps to reproduce the behavior:

  1. Book a ticket
  2. Get the QR Code
  3. Scan the QR Code

Expected behavior Use some unique secure random string

Hi.Events Version and platform demo instance

daveearley commented 3 weeks ago

Thanks for the report @td00! Good suggestion. Any queries involving the Attendee ID will always include the event ID, and there's a rate limit in place, so it makes enumeration a little tricky. But it's not impossible, so I'll update the public ID to use a longer more secure string. Cheers!
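The fix the maintainer describes (replace the order-number-plus-counter code with a longer, unguessable public ID, and keep every lookup scoped to the event) is shown below as an added Python example. It is not hi.events' own code, which this page does not include; the `TicketRegistry` class, its `issue`/`check_in` methods, the 20-character alphanumeric format and the in-memory store are all assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabet for public ticket codes: upper-case letters and digits.
# 36 symbols, so each character contributes log2(36) ~ 5.17 bits.
ALPHABET = string.ascii_uppercase + string.digits
CODE_LENGTH = 20  # assumed length: 20 chars * 5.17 bits ~ 103 bits of entropy


def predictable_ticket_code(order_number: str, attendee_seq: int) -> str:
    """The scheme the issue reports: order number plus a counter (e.g. FOOBA-1).
    Kept only as the 'before' for comparison; the counter adds no secrecy."""
    return f"{order_number}-{attendee_seq}"


def secure_ticket_code(length: int = CODE_LENGTH) -> str:
    """Unguessable public ID drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Bits of entropy in a uniformly random code of the given length."""
    return length * math.log2(alphabet_size)


def is_well_formed(code: str, length: int = CODE_LENGTH) -> bool:
    """Cheap syntactic check done before any storage lookup, so malformed or
    off-format scans (including old-style FOOBA-1 codes) are rejected early."""
    return len(code) == length and all(c in ALPHABET for c in code)


class TicketRegistry:
    """Hypothetical in-memory stand-in for the attendee table. Every lookup is
    keyed by (event_id, code), mirroring the maintainer's note that attendee
    queries always include the event ID."""

    def __init__(self):
        self._by_code = {}  # (event_id, public_code) -> attendee record

    def issue(self, event_id: int, attendee_name: str) -> str:
        code = secure_ticket_code()
        # Regenerate on the (astronomically unlikely) collision rather than overwrite.
        while (event_id, code) in self._by_code:
            code = secure_ticket_code()
        self._by_code[(event_id, code)] = {
            "event_id": event_id,
            "name": attendee_name,
            "checked_in": False,
        }
        return code

    def check_in(self, event_id: int, scanned_code: str):
        """Return the attendee record on a valid scan, else None. A code from
        another event, a malformed code, or a repeat scan is rejected."""
        if not is_well_formed(scanned_code):
            return None
        record = self._by_code.get((event_id, scanned_code))
        if record is None or record["checked_in"]:
            return None
        record["checked_in"] = True
        return record


if __name__ == "__main__":
    # Constructed sample data, not real hi.events records.
    registry = TicketRegistry()
    code = registry.issue(event_id=42, attendee_name="Sample Attendee")
    print("old scheme:", predictable_ticket_code("FOOBA", 1))
    print("new scheme:", code, f"({entropy_bits(len(code)):.1f} bits)")
    print("scan at wrong event:", registry.check_in(43, code))
    print("scan at right event:", registry.check_in(42, code))
    print("second scan:", registry.check_in(42, code))
```

The registry rejects codes before consulting storage, scopes the lookup by event, and marks a code as used on first successful scan, so a rate limit (already present, per the maintainer) is the second line of defence rather than the only one.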