dimps123 / web-invoice

Automatically exported from code.google.com/p/web-invoice
GNU General Public License v3.0

Invoice Is Accessible To All Users #114

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
If you take any web invoice link and open it, the invoice appears even if you 
aren't logged in. This is a major security issue unless I am doing something 
wrong.

Please let me know if this will be fixed.

PS. Overall great plugin!

Original issue reported on code.google.com by ad...@function5.ca on 9 Jun 2011 at 12:47

GoogleCodeExporter commented 8 years ago
Hi there,

(First off, I understand this post is very old, but I figured since there was 
no solution/remedy/etc., I could put my two-cents in to provide a solution that 
worked for me).

I was having the same issue with knowing that these pages were vulnerable to 
anyone who had the code without having the login credentials to view the page.  
The workaround was utilizing a plugin called S2Member (you can opt for the free 
version or the Pro version; either one would provide you with the individual 
page/post limitations for privacy on certain links). When you create the 
'invoice' default page, S2Member has a 'permissions setting' control feature 
that allows you to set level permissions for viewership; setting it to level 0 
(aka 'subscriber') will help ensure that anyone who is NOT a 
member or even logged in will not be able to view the invoice page or any sort 
of unique invoice unless logged in.

While the above STILL does pose an issue with individual users who may have a 
desire to play with trying to access these unique invoice pages, it largely 
limits their attempts at being able to decipher unique pages while logged in. 
Either way, your individual invoices are protected and can only be accessed by 
those who are logged in AND have the unique string attached to it.

This has worked very well for me, and I'm also able to control account 
credentials that further make it more secure via different security measures.

I hope this helps you out as it's helped me out.

Roger Sanchez

Original comment by Dynamico...@gmail.com on 11 Feb 2013 at 11:08
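The two comments above describe the same control in two halves: the original report is about invoices that render for anonymous visitors, and the workaround restricts the invoice page to logged-in members while still relying on the per-invoice "unique string". The example below, added here and not code from the web-invoice plugin or from either commenter, shows how the same rule can be enforced directly in WordPress from a small must-use plugin, and goes one step further than the S2Member setting by also checking that the logged-in user actually owns the invoice, so a subscriber cannot read other members' invoices even with a valid link. The page slug `invoice`, the query parameters `invoice_id` and `token`, and the post meta keys `_invoice_token` and `_invoice_owner` are assumptions for illustration, not the plugin's real storage layout.

```php
<?php
/*
 * Added example (not from the web-invoice plugin): deny anonymous and
 * cross-user access to the invoice page from a must-use plugin file.
 *
 * Assumptions (hypothetical, not from the project): the invoice page has the
 * slug 'invoice', the invoice is selected by the query parameter 'invoice_id',
 * the per-invoice secret is passed as 'token', the secret is stored in post
 * meta '_invoice_token', and the owning user ID is stored in '_invoice_owner'.
 */

add_action( 'template_redirect', 'wi_example_guard_invoice_page' );

function wi_example_guard_invoice_page() {
    // Only guard the invoice page; every other request is untouched.
    if ( ! is_page( 'invoice' ) ) {
        return;
    }

    // Step 1: require a login, no matter what "unique string" is in the URL.
    if ( ! is_user_logged_in() ) {
        // Send the visitor to the login form and back to this invoice afterwards.
        $current = home_url( add_query_arg( array() ) );
        wp_safe_redirect( wp_login_url( $current ) );
        exit;
    }

    $invoice_id = isset( $_GET['invoice_id'] ) ? absint( $_GET['invoice_id'] ) : 0;
    $token      = isset( $_GET['token'] )
        ? sanitize_text_field( wp_unslash( $_GET['token'] ) )
        : '';

    // Step 2: the link alone is not enough; the caller must also own the invoice.
    if ( ! wi_example_user_may_view_invoice( get_current_user_id(), $invoice_id, $token ) ) {
        // Same response for "no such invoice", "wrong token" and "not yours",
        // so the error does not reveal which invoice IDs exist.
        wp_die(
            esc_html__( 'You are not allowed to view this invoice.' ),
            '',
            array( 'response' => 403 )
        );
    }
}

/**
 * Decide whether $user_id may view $invoice_id.
 *
 * All three checks must pass: the invoice exists and has a token, the caller
 * presented that token (compared in constant time), and the caller is the
 * recorded owner or a site administrator ('manage_options' capability).
 */
function wi_example_user_may_view_invoice( $user_id, $invoice_id, $token ) {
    if ( $user_id <= 0 || $invoice_id <= 0 ) {
        return false;
    }

    $stored_token = (string) get_post_meta( $invoice_id, '_invoice_token', true );
    $owner_id     = (int) get_post_meta( $invoice_id, '_invoice_owner', true );

    if ( '' === $stored_token ) {
        return false; // no such invoice, or no token recorded for it
    }

    // hash_equals() avoids leaking the token through timing differences.
    if ( ! hash_equals( $stored_token, (string) $token ) ) {
        return false;
    }

    return $owner_id === (int) $user_id || user_can( $user_id, 'manage_options' );
}
```

Dropping the file into `wp-content/mu-plugins/` loads it before regular plugins, so the check runs even if the invoice plugin itself is later updated. The ownership test is what closes the gap the second comment leaves open: with only a membership level enforced, any logged-in subscriber who obtains or guesses a link can still read the invoice, whereas binding each invoice to its owner makes the unique string a second factor rather than the only one.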