I’ve created a web site for student management (martial arts schools), which includes invoicing students. Currently the only way my users can do this is by printing the invoices and handing them to the students. I’d like to create a way for the students to go to their invoice online.
I’ve been considering using GUIDs for the students, and using that as the parameter for the query string to the invoice. (http://thesite.com/invoice.php?guid=E3D3D122-5AB6-4405-96EC-7C0579710813)
The invoice would be a read-only page, and allow no access to the rest of the site. So I’m not too worried about packet sniffing (I don’t believe someone sniffing traffic in a coffee shop is a concern, if all they have access to is a random student invoice).
I am worried about someone being able to guess, or get to a specific set of invoices (i.e. all the invoices of a competitor).
I feel like I’m either crazy for considering it, or it’s a relatively standard practice. I’m just not sure which. And SO is a great sanity check.
Thanks
That’s actually a good, secure process; you lose the readability of the URL, of course, but if that’s not much of a concern, that’s a good solution. It’s certainly not guessable.
As an added security measure, you might want to put in place logging of invoice accesses.
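The scheme from the question together with the access logging suggested in the answer, as an added example rather than code from either poster: it assumes the student token is a version-4 (random) UUID from a CSPRNG, stands in for the database with a constructed array keyed by the GUID shown in the question, and treats `invoice_access.log` as a hypothetical log file path.

```php
<?php
declare(strict_types=1);
// Added example (not the asker's or answerer's code): issue a random student
// token, resolve it to a read-only invoice view, and log every access.

// Version-4 UUID built from a CSPRNG. Assumption: the site issues tokens this
// way rather than from a time-based generator, so they cannot be predicted.
function newStudentToken(): string {
    $b = random_bytes(16);
    $b[6] = chr((ord($b[6]) & 0x0f) | 0x40); // version nibble = 4
    $b[8] = chr((ord($b[8]) & 0x3f) | 0x80); // RFC 4122 variant bits
    return strtoupper(vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($b), 4)));
}

// Constructed sample data standing in for the student table: token -> invoice.
$students = [
    'E3D3D122-5AB6-4405-96EC-7C0579710813' => ['name' => 'A. Student', 'owed' => '120.00'],
];

// Strict format check before any lookup, so malformed input never reaches the DB.
function isValidToken(string $t): bool {
    return (bool) preg_match(
        '/^[0-9A-F]{8}-[0-9A-F]{4}-4[0-9A-F]{3}-[89AB][0-9A-F]{3}-[0-9A-F]{12}$/', $t);
}

// One log line per request, success or failure, as the answer recommends.
// Only a token prefix is logged so the log itself does not become a key ring.
function logAccess(string $outcome, string $token, string $ip): void {
    $line = sprintf("%s %s token=%s... ip=%s\n", date(DATE_ATOM), $outcome,
                    substr($token, 0, 8), $ip);
    file_put_contents(__DIR__ . '/invoice_access.log', $line, FILE_APPEND | LOCK_EX);
}

// Malformed and unknown tokens get the identical 404, so the response does
// not reveal which GUIDs exist. Output is HTML-escaped before display.
function showInvoice(array $students, string $token, string $ip): string {
    if (!isValidToken($token) || !isset($students[$token])) {
        logAccess('DENIED', $token, $ip);
        http_response_code(404);
        return 'Invoice not found.';
    }
    logAccess('OK', $token, $ip);
    $s = $students[$token];
    return sprintf('Invoice for %s: %s owed',
                   htmlspecialchars($s['name'], ENT_QUOTES, 'UTF-8'),
                   htmlspecialchars($s['owed'], ENT_QUOTES, 'UTF-8'));
}

echo showInvoice($students, (string) ($_GET['guid'] ?? ''), $_SERVER['REMOTE_ADDR'] ?? 'cli');
```

Requesting `invoice.php?guid=E3D3D122-5AB6-4405-96EC-7C0579710813` renders the sample invoice and appends an `OK` line; any other value appends a `DENIED` line, which is what makes a scan for valid GUIDs visible in the log.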