How can we improve WHMCS?

Share, discuss and vote for what you would like to see added to WHMCS

Randomized or Non-Sequential User ID's

I was looking for a protection from our staff members from stealing customer information. At the current state of the software, any staff member can go down the user ID list and access every customers information, including name, phone, email etc.

All they have to do is load a client profile, and change the userid=1 to 2, 3, 4, 5 etc. and they then have access to every clients information.

There should be some sort of protection for this. I've seen non-sequential Invoice ID's. The same should be done for customer ID's.

Post the first comment

Login to post a comment.