
invoice emails - shared invoice settings safe?


cluster

Question

I think I will choose Blesta and migrate from WHMCS soon ?

One more question about the invoice emails ...
What exactly does the shared invoices function mean?
Is this function safe (using a one-time individual string link)? By "safe" I mean: if someone pays via the link, is the payer then automatically logged into the customer account after the payment and has access? Would a css attack be possible via GET variables to access the client area from a payment link?
I would like to use the payment link function for invoice emails if it's safe and the customer accounts cannot be compromised via payment links.


1 answer to this question

5 hours ago, cluster said:

I think I will choose Blesta and migrate from WHMCS soon ?

One more question about the invoice emails ...
What exactly does the shared invoices function mean?
Is this function safe (using a one-time individual string link)? By "safe" I mean: if someone pays via the link, is the payer then automatically logged into the customer account after the payment and has access? Would a css attack be possible via GET variables to access the client area from a payment link?
I would like to use the payment link function for invoice emails if it's safe and the customer accounts cannot be compromised via payment links.

That's great! We are glad that you are considering Blesta.

Do you mean the "Pay Now" link that appears in invoice emails that does not require a client to be logged in to make payment? This link does not automatically log the client into the client area, it only allows them to make a payment without being logged in. So, while it's possible that some information about the client can be seen as required for making payment, using the link does not give full access to the client account. Clicking the link allows payment, but you cannot see other invoices, services, transactions, or place orders or anything like that. Limited access for the purpose of making payments only.

If you do not want to use the Pay Now link, you can remove it from the email templates. :) But most people like it because it's easier to get clients to pay without needing to remember their login.

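The access model described in the answer (a link that permits payment of one invoice without logging the client in), as an added sketch that is not Blesta's code and not from the original thread. The token format, the demo key, the sample invoice table and the helper names `make_pay_link_token`, `verify_pay_link_token` and `authorize` are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"          # constructed; load a random secret in practice
INVOICES = {1001: 7, 1002: 7, 2001: 8}     # constructed sample data: invoice id -> client id
PAY_LINK_ACTIONS = {"view_invoice", "pay_invoice"}  # everything a pay link may do

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def make_pay_link_token(client_id, invoice_id, expires):
    """Issue a token bound to one client/invoice pair and an expiry time."""
    payload = f"{client_id}.{invoice_id}.{expires}"
    return f"{payload}.{_sign(payload)}"

def verify_pay_link_token(token, now=None):
    """Return (client_id, invoice_id) for an authentic, unexpired token, else None."""
    parts = token.split(".")
    if len(parts) != 4:
        return None
    payload, sig = ".".join(parts[:3]), parts[3]
    # Constant-time comparison; unauthenticated text never reaches int().
    if not hmac.compare_digest(_sign(payload).encode(), sig.encode()):
        return None
    client_id, invoice_id, expires = (int(p) for p in parts[:3])
    if (time.time() if now is None else now) > expires:
        return None
    return client_id, invoice_id

def authorize(action, invoice_id, session_client_id=None, token=None, now=None):
    """Decide one request. A token is checked per request and never creates a session."""
    owner = INVOICES.get(invoice_id)
    if owner is None:
        return False
    if session_client_id is not None:      # logged-in client: full access to own invoices
        return owner == session_client_id
    claims = verify_pay_link_token(token, now) if token else None
    if claims is None:
        return False
    # Link holder: only payment actions, only on the invoice named in the token.
    return action in PAY_LINK_ACTIONS and claims == (owner, invoice_id)
```

Because the invoice id is covered by the signature, editing the GET parameter to point at another invoice invalidates the token rather than widening access.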