Randomized or Non-Sequential User ID's
-
David shared this idea 8 years ago
- Other
- Post the first comment
2
Votes
Login to Vote
I was looking for a protection from our staff members from stealing customer information. At the current state of the software, any staff member can go down the user ID list and access every customers information, including name, phone, email etc.
All they have to do is load a client profile, and change the userid=1 to 2, 3, 4, 5 etc. and they then have access to every clients information.
There should be some sort of protection for this. I've seen non-sequential Invoice ID's. The same should be done for customer ID's.
All they have to do is load a client profile, and change the userid=1 to 2, 3, 4, 5 etc. and they then have access to every clients information.
There should be some sort of protection for this. I've seen non-sequential Invoice ID's. The same should be done for customer ID's.
Post the first comment
Login to post a comment.