wagnerwagner/merx

Invoice page security

Closed this issue · 1 comment

I've noticed that 'completed' invoices are actually public Kirby pages, correct?

What do you recommend in order to avoid anybody but the user accessing the order page?

As far as I can understand, the Babyreport example page seems to use robots.txt to hopefully avoid the orders master page being crawled, and it also seems like the orders master page is not HTTP-visitable; I'm not sure by which method this is achieved on BabyReport.

But I assume that individual orders, while virtually impossible to URL-guess, are still potentially visitable, and robots.txt could potentially be ignored by a crawler.

Is this correct?

Since invoices may contain very sensitive information, are there any other safeguards in place or recommendations on how to deal with invoice page security?

Thanks

I've written some tips and tricks:

https://merx.wagnerwagner.de/docs/security
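The concern raised in the question is that robots.txt is only a crawling hint and an unguessable URL is not an access control: whoever holds the link, or a crawler that ignores robots.txt, can still fetch the page. The following Kirby `config.php` route guard is an added example written for this page; it is not Merx's own code and not the recommendation from the linked docs. It assumes that orders live under the page id `orders`, that each order page carries a content field `accesstoken` holding a random secret generated when the order was created (and sent to the customer in the confirmation link), and that Kirby panel users with the role `admin` may view every order. Field and role names are assumptions.

```php
<?php
// site/config/config.php (added example, not part of Merx)
//
// Assumptions (not taken from the issue or the Merx docs):
//   - orders are child pages of the page with id 'orders'
//   - every order page has a content field 'accesstoken' with a random
//     secret that was created together with the order and handed to the
//     customer, e.g. as ?token=... in the confirmation e-mail link
//   - Kirby panel users with the role 'admin' may open every order
//
// Kirby checks custom routes before it resolves a URL to a page, so an
// order is only rendered when one of the actions below returns it; every
// other request to these paths is answered with a plain 404.

use Kirby\Http\Response;

return [
    'routes' => [
        [
            // the orders master page is never served over HTTP
            'pattern' => 'orders',
            'action'  => function () {
                return new Response('Not found', 'text/plain', 404);
            }
        ],
        [
            // a single order page
            'pattern' => 'orders/(:any)',
            'action'  => function (string $slug) {
                $kirby    = kirby();
                $notFound = new Response('Not found', 'text/plain', 404);

                $order = page('orders/' . $slug);
                if ($order === null) {
                    return $notFound;
                }

                // shop staff: a logged-in panel admin may open any order
                $user = $kirby->user();
                if ($user !== null && $user->role()->name() === 'admin') {
                    return $order;
                }

                // customer: must present the per-order secret; compare in
                // constant time so the check does not leak how many leading
                // characters of a guessed token were correct
                $expected = $order->content()->get('accesstoken')->value();
                $given    = get('token');
                if (
                    is_string($expected) && $expected !== '' &&
                    is_string($given)    && $given    !== '' &&
                    hash_equals($expected, $given)
                ) {
                    return $order;
                }

                // no valid credential: answer exactly like a non-existent
                // page, so an unauthenticated visitor cannot distinguish real
                // order URLs from guessed ones
                return $notFound;
            }
        ]
    ]
];
```

With this in place the page status (listed, unlisted, draft) and robots.txt no longer decide who can read an order; the route does. The token must be generated with a cryptographically secure source (for example `bin2hex(random_bytes(32))` at order creation) and stored only on the order page, and the same rule applies to any other URL that exposes order data, such as a PDF invoice download.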