Differences
This shows you the differences between two versions of the page.
v:2.0:security_and_privacy_considerations [2017/04/26 07:02] – external edit 127.0.0.1 | v:2.0:security_and_privacy_considerations [2020/01/24 00:32] – [Personal Information accessible via Receipt] foxybrett | ||
---|---|---|---|
Line 14: | Line 14: | ||
==== Personal Information accessible via Receipt ==== | ==== Personal Information accessible via Receipt ==== | ||
- | Receipt URLs can be accessed without authentication, | + | Receipt URLs can be accessed without authentication. By default, receipts are loaded |
+ | A link to a receipt is contained in the email receipt that is sent to the customer, but if an attacker has access to the email, they already have access to the PII in the web receipt. | ||
+ | |||
+ | If you're exceptionally concerned about the security of the web-based receipts, however, you can change your receipt template to simply not output any data at all, and/or redirect to your own system to handle a receipt display using our outgoing SSO functionality. | ||
==== Cart Contents ==== | ==== Cart Contents ==== | ||
Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the '' | Since the cart contents persist via a cookie, it could be seen by others on a shared computer. If this is a problem, avoid products that have personal information in the options, or use the '' |
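
Review bot: The added sentence beginning "A link to a receipt is contained in the email receipt" assumes the customer's mailbox is the only place the receipt URL can be obtained, but the first line of this section says receipt URLs work without authentication, so the link itself is the only thing protecting the PII. Anyone who ends up holding the link can load the receipt, for example through a forwarded message or the browser history on a shared computer, which the Cart Contents section below already treats as a concern. Suggest rewording to say that the URL should be treated like a credential and that possession of it is sufficient to view the receipt. The mitigation paragraph would also be easier to act on if "receipt template" and "outgoing SSO functionality" linked to their documentation pages, and "If you're exceptionally concerned" could be made neutral, e.g. "If you need to restrict access to web-based receipts".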