
invoice emails - shared invoice settings safe?


Question

Posted

I think I will choose Blesta and migrate from WHMCS soon ?

One more question about the invoice emails ...
The shared invoices function, what does it mean exactly?
Is this function safe (using a one-time individual string link) ... with "safe" I mean if someone pays via the link is then the payer automatically logged into the customer account after the payment and has access? Would a css attack be possible via GET variables to access the client area from a payment link?
I would like to use the payment link function for invoice emails if it's safe and the customer accounts cannot be compromised via payment links.

1 answer to this question

5 hours ago, cluster said:

I think I will choose Blesta and migrate from WHMCS soon ?

One more question about the invoice emails ...
The shared invoices function, what does it mean exactly?
Is this function safe (using a one-time individual string link) ... with "safe" I mean if someone pays via the link is then the payer automatically logged into the customer account after the payment and has access? Would a css attack be possible via GET variables to access the client area from a payment link?
I would like to use the payment link function for invoice emails if it's safe and the customer accounts cannot be compromised via payment links.

That's great! We are glad that you are considering Blesta.

Do you mean the "Pay Now" link that appears in invoice emails that does not require a client to be logged in to make payment? This link does not automatically log the client into the client area, it only allows them to make a payment without being logged in. So, while it's possible that some information about the client can be seen as required for making payment, using the link does not give full access to the client account. Clicking the link allows payment, but you cannot see other invoices, services, transactions, or place orders or anything like that. Limited access for the purpose of making payments only.

If you do not want to use the Pay Now link, you can remove it from the email templates. :) But most people like it because it's easier to get clients to pay without needing to remember their login.
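
One way a payment-only link of the kind described in this answer could be scoped, as an added example that is not Blesta's implementation and not part of the original posts. The key, token format, function names and action names are all assumptions made for illustration:

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real deployment would load a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical action names: the only things a pay link is allowed to do.
PAY_LINK_ACTIONS = ("view_invoice_for_payment", "pay_invoice")


def make_pay_token(client_id: int, invoice_id: int, expires_at: int) -> str:
    """Return a token that is valid only for paying one invoice of one client."""
    msg = f"pay|{client_id}|{invoice_id}|{expires_at}".encode()
    sig = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return f"{expires_at}.{sig}"


def verify_pay_token(token: str, client_id: int, invoice_id: int,
                     now: Optional[int] = None) -> bool:
    """Check signature and expiry for exactly this client/invoice pair."""
    now = int(time.time()) if now is None else now
    try:
        expires_str, _sig = token.split(".", 1)
        expires_at = int(expires_str)
    except ValueError:
        return False  # malformed token
    expected = make_pay_token(client_id, invoice_id, expires_at)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    return now <= expires_at


def authorize(action: str, token: str, client_id: int, invoice_id: int,
              now: Optional[int] = None) -> bool:
    """A valid token permits only payment actions; it never creates a login session."""
    if action not in PAY_LINK_ACTIONS:
        return False
    return verify_pay_token(token, client_id, invoice_id, now)
```

Because the client and invoice ids are inside the signed message, changing either GET parameter invalidates the token, and any request outside the two payment actions is refused regardless of the token.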
