Track my order - security question


One of my clients says that the competition knows how many transactions he has in his store. He says that through “Track my order(s)” they check how many orders arrive each day.

Could it be that there is a hole that allows someone to check how many transactions the store currently has?


What your client is describing is possible and quite simple to achieve.

Step 1 - Enter an initial order number (say 1000)

Step 2 - If the response is positive (“we have sent you tracking info…”), repeat Step 1 with a higher number until you get a negative response (“we don't have an order with such a number”).

If this is done daily, one can get a good idea of sales volume.

The issue exists because the system allows one to look up tracking by entering an order number and gives a different response when the order number does not exist.

Note to CS-Cart

Disable order lookup by order number, or don't show a negative response.
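As an added illustration (not CS-Cart code, and not part of the answer above), the following Python models the probing Mandy describes against a toy stand-in for the “Track my order” handler, first with the two distinguishable messages and then with a single uniform message. The class, the messages and the order numbers are constructed for the example; the search assumes order numbers are assigned sequentially without gaps above the starting number, as an auto-increment id column would produce.

```python
# Added example, not CS-Cart's own code. The endpoint, messages and
# order numbers below are constructed for illustration.

MSG_FOUND = "We have sent you tracking info to your email."
MSG_MISSING = "We don't have an order with such a number."
MSG_UNIFORM = "If that order exists, tracking info has been sent to the email on file."


class TrackRequest:
    """Toy stand-in for a storefront 'Track my order' handler."""

    def __init__(self, existing_orders, uniform_response=False):
        self.orders = set(existing_orders)
        self.uniform_response = uniform_response
        self.requests = 0  # number of probes the caller has made

    def lookup(self, order_id):
        self.requests += 1
        if self.uniform_response:
            # Hardened: identical text whether or not the order exists,
            # so the response carries no information about the order table.
            return MSG_UNIFORM
        # Vulnerable: the message itself is the existence oracle.
        return MSG_FOUND if order_id in self.orders else MSG_MISSING


def order_exists(endpoint, order_id):
    """The attacker's oracle: True only when the leaky 'found' text comes back."""
    return endpoint.lookup(order_id) == MSG_FOUND


def highest_order_number(endpoint, start, ceiling=10_000_000):
    """Find the largest order number the endpoint confirms.

    The answer above walks the numbers one at a time; this does the same job
    with exponential search followed by binary search, which needs only a
    few dozen requests instead of one per order. It assumes order numbers
    above `start` are contiguous. Returns None when `start` itself is not
    confirmed, which is what the uniform-response endpoint yields for every
    number.
    """
    if not order_exists(endpoint, start):
        return None
    lo, hi = start, start + 1
    # Exponential phase: double the gap until a probe fails.
    while hi <= ceiling and order_exists(endpoint, hi):
        lo, hi = hi, hi + (hi - lo) * 2
    if hi > ceiling:
        raise ValueError("no non-existent order number found below ceiling")
    # Invariant: lo exists, hi does not. Binary search for the boundary.
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if order_exists(endpoint, mid):
            lo = mid
        else:
            hi = mid
    return lo


def daily_sales(highest_yesterday, highest_today):
    """Orders placed between two daily probes of the highest order number."""
    return highest_today - highest_yesterday


if __name__ == "__main__":
    # Constructed store with orders 1000..1234 (235 orders).
    leaky = TrackRequest(range(1000, 1235))
    print("leaky endpoint, highest order:", highest_order_number(leaky, 1000),
          "in", leaky.requests, "requests")
    hardened = TrackRequest(range(1000, 1235), uniform_response=True)
    print("uniform endpoint, highest order:", highest_order_number(hardened, 1000))
    print("orders since yesterday:", daily_sales(1234, 1280))
```

Two caveats worth keeping in mind when applying the fix: the response text is only one channel, so if the handler still does visibly different work for an existing order (for example, sending an e-mail only in that case, with a measurable delay), the timing difference can serve as the same oracle; and a uniform message is more robust when the lookup also requires a second value only the customer knows, such as the e-mail address on the order, and is rate-limited per client.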

Thanks, Mandy.

I turned off notifications in the orders.track_request controller, and this should prevent this practice.