
The problem was that some average developer was lazy and did whatever worked, with no concern about potential security implications.


No, not lazy. Being lazy would have been doing a simple session check and then redirecting to a login page if the session user id did not match the user id in the order. The developer had no idea what he/she was doing. Brutal.


You have me listening. What would be the correct course of action while not being lazy and knowing what you're doing? I know that "knowing what you're doing" and this question don't go together, but still, is there anything better than a check/redirect?
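
As an added example, not code from this thread or from ClickBank, here is what "knowing what you're doing" can look like for the order lookup being discussed: the handler that trusts the id in the URL (the hole), the session check and redirect that the comment above calls lazy, and two stronger alternatives. The first pushes the ownership check into the data-access layer, so no code path can reach an order without naming who is asking, and returns a uniform not-found for both missing and foreign orders so the endpoint is not an existence oracle. The second is for links in support e-mails that must work without a login: an HMAC-signed, expiring token bound to the order id and the customer's e-mail address, which is what the ticket reply's "exact order number and email address" would have to look like to actually be a secret. The order records, e-mail addresses and signing key are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class Order:
    order_id: int
    owner_id: int      # account that placed the order
    email: str
    product: str
    card_last4: str


# Constructed sample records for the example; not real ClickBank data.
ORDERS = {
    1001: Order(1001, 7, "alice@example.com", "Customized Fat Loss Program", "4242"),
    1002: Order(1002, 8, "bob@example.com", "Guitar Lessons", "1111"),
}

# Per-deployment signing key; in practice loaded from a secret store, not generated here.
SECRET = secrets.token_bytes(32)


class NotFound(Exception):
    """Raised for missing AND foreign orders, so the response does not reveal which."""


def view_order_vulnerable(order_id: int) -> Order:
    """The hole: the id in the URL is trusted and nobody asks who is requesting."""
    return ORDERS[order_id]


def view_order_lazy(session_user_id: Optional[int], order_id: int):
    """The 'lazy' fix from the thread: compare session user to order owner, else redirect."""
    order = ORDERS.get(order_id)
    if session_user_id is None or order is None or order.owner_id != session_user_id:
        return ("redirect", "/login")
    return ("ok", order)


def load_order_for(user_id: int, order_id: int) -> Order:
    """Better: the ownership check lives in the data-access layer, so every code path
    (web page, API, export job) must say who is asking and cannot forget the check.
    Unknown and foreign ids are indistinguishable to the caller."""
    order = ORDERS.get(order_id)
    if order is None or order.owner_id != user_id:
        raise NotFound()
    return order


def _token_mac(order_id: int, email: str, expires_at: int) -> str:
    msg = f"{order_id}|{email.strip().lower()}|{expires_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_order_link_token(order_id: int, email: str, expires_at: int) -> str:
    """For support links that must work without a login: a capability token that is
    unguessable (HMAC over order id, e-mail and expiry under a server secret) and
    that stops working after expires_at (a Unix timestamp)."""
    return f"{order_id}.{expires_at}.{_token_mac(order_id, email, expires_at)}"


def view_order_by_token(token: str, email: str, now: int) -> Order:
    """Verify the token before touching the store; a bad MAC, an expired token, a
    wrong e-mail and an unknown order all produce the same NotFound."""
    try:
        order_id_s, expires_s, mac = token.split(".")
        order_id, expires_at = int(order_id_s), int(expires_s)
    except ValueError:
        raise NotFound()
    expected = _token_mac(order_id, email, expires_at)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        raise NotFound()
    if now > expires_at:
        raise NotFound()
    order = ORDERS.get(order_id)
    if order is None or order.email.lower() != email.strip().lower():
        raise NotFound()
    return order


def is_denied(fn, *args) -> bool:
    """Helper for checks: True when fn(*args) is refused with NotFound."""
    try:
        fn(*args)
    except NotFound:
        return True
    return False


if __name__ == "__main__":
    # Anyone can read Alice's order through the vulnerable handler...
    print(view_order_vulnerable(1001).product)
    # ...but Bob (user 8) cannot read it through the authorized one.
    print(is_denied(load_order_for, 8, 1001))
    token = make_order_link_token(1001, "alice@example.com", expires_at=2_000_000_000)
    print(view_order_by_token(token, "alice@example.com", now=1_700_000_000).card_last4)
```

The point of `load_order_for` over the lazy version is where the check sits: a redirect in one controller protects one URL, while a check in the only function that returns orders protects every present and future caller. The token variant is only as good as the secret and the expiry; a token that never expires is just a second permanent URL.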


It looks like their customer service ticketing system is wide open too:

http://www.google.com/search?q=www.clkbank.com/viewTicket.ht...


The first relevant result refers to the fact that a customer's info is available for public viewing.

https://www.clkbank.com/viewTicket.htm?key=01.2C096591B7E11E...


And this customer support ticket shows a customer complaining about the fact that their order information is visible on the internet. This was back in 2011.

ClickBank has to have known about this hole for years and hasn't addressed it.

https://www.clkbank.com/viewTicket.htm?key=01.2C096591B7E11E...


Hello Sandy,

ClickBank.com is a secure site. The only way someone would be able to look up your order, which does not show any payment detail except your Credit Card type and last 4 digits on the card, is to know the exact order number and email address.

Closing this ticket, because new tickets for each order, requesting a vendor authorization for refunds, have been opened. These orders are 116 days old and ClickBank.com is not able to issue a refund for orders over 60 days old.

Best regards,

Jutta ClickBank.com Customer Support http://www.clickbank.com/help/


Can only hazard a guess that this must be some bizarre form of SEO or something, because this is a known issue that could be fixed in probably 30 minutes max, which they have received complaints for...


"ClickBank.com is a secure site. The only way someone would be able to look up your order, which does not show any payment detail except your Credit Card type and last 4 digits on the card, is to know the exact order number and email address."

Strange, because the link in the ticket to the order still works and is viewable without any of that information.


What a total breach of customer privacy. I can't imagine customers want it to be searchable that they purchased a "Customized Fat Loss Program".

https://www.clkbank.com/viewTicket.htm?key=01.71E027164BE509...



