wagnerwagner / merx

Merx is a plugin to create online shops with Kirby.
https://merx.wagnerwagner.de

Invoice page security #25

Closed plagasul closed 3 years ago

plagasul commented 3 years ago

I’ve noticed that ‘completed’ invoices are actually public Kirby pages, correct?

What do you recommend in order to avoid anybody but the user accessing the order page?

As far as I can understand, the BabyReport example page seems to use robots.txt to hopefully avoid the orders master page being crawled, and it also seems like the order master page is not visitable over HTTP; I’m not sure by which method this is achieved on BabyReport.

But I assume that individual orders, while virtually impossible to URL-guess, are still potentially visitable, and robots.txt could potentially be ignored by a crawler.

Is this correct?

Since invoices may contain very sensitive information, are there any other safeguards in place or recommendations on how to deal with invoice page security?

Danke
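One way to enforce server-side what plagasul is asking about, as an added example that is not part of this thread and not Merx’s own code: a Kirby route that intercepts requests to the order pages and only renders them for a logged-in user who is either an admin or whose e-mail matches the order. The example assumes the order pages live under a parent page with the id `orders` and that each order page stores the purchaser’s e-mail in a field named `email`; both names are assumptions, not Merx’s actual structure. It uses Kirby 3’s documented `routes` config, `$this->next()` and `site()->errorPage()`.

```php
<?php
// site/config/config.php (added example, not Merx’s code).
// Assumptions: order pages are children of a page with id "orders" and each
// order page has a field "email" holding the purchaser’s address.

return [
    'routes' => [
        [
            // Guard both the orders master page and every individual order page.
            // This is enforced on the server for every request, unlike robots.txt,
            // which only asks well-behaved crawlers to stay away.
            'pattern' => ['orders', 'orders/(:any)'],
            'action'  => function (?string $orderId = null) {
                $user  = kirby()->user(); // current logged-in Kirby user, or null
                $error = site()->errorPage(); // rendered with a 404 status by Kirby

                // Nobody is logged in: answer exactly as for a missing page, so an
                // anonymous visitor cannot tell whether the guessed id exists.
                if ($user === null) {
                    return $error;
                }

                // Master page: only admins may see the list of all orders.
                if ($orderId === null) {
                    return $user->isAdmin() ? $this->next() : $error;
                }

                $order = page('orders/' . $orderId);

                // Unknown id: fall through to normal routing (renders the 404).
                if ($order === null) {
                    return $this->next();
                }

                // Ownership check (assumed "email" field): the order’s e-mail
                // must match the logged-in user’s e-mail, unless the user is an admin.
                $owner = strcasecmp(trim($order->email()->value()), $user->email()) === 0;

                return ($owner || $user->isAdmin()) ? $this->next() : $error;
            }
        ]
    ]
];
```

Returning the error page for both “not logged in” and “not the owner” keeps the response identical to a non-existent order, so the route does not leak which ids are valid; the real order page is only produced by `$this->next()` once the check has passed.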

tobiasfabian commented 3 years ago

I’ve written some tips and tricks:

https://merx.wagnerwagner.de/docs/security