
Is it a security issue to expose PII on any publicly accessible URL?

Çağlar Arlı


I am designing an e-commerce-based website, part of which will be an order summary page. This order summary page will contain the address and name of the person who ordered a product.

My plan was to encrypt the order id, and pass it to the checkout success page like so: https://www.example.com/success?id=AES-128ENCRYPTED_ID

This would mean that the customer can 'refresh' the success page and still get the order confirmation.

The length of the encrypted ID would mean it should be too difficult for anyone to guess; however, the URL would be stored in logs etc., and although no PII is in the URL itself, anyone would be able to click that URL and see the PII if they were able to see someone else's URL recorded in some logs.

What is the best practice around this? Is this a fundamentally bad design, if so, what is the alternative? Keep the data in a session maybe?
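One way to address the log-exposure concern raised in the question, as an added Python example that is not from the question or any particular project (the in-memory ORDERS and CONFIRMATION_TOKENS stores, the account names and the 10-minute lifetime are constructed assumptions): the success page still accepts an opaque token in the URL, but the server only releases the order details when the token is unexpired and the logged-in session owns the order, so a URL copied out of a log or browser history is useless on its own.

```python
import secrets
import time

# Constructed stand-ins for the database (assumption); a real app would use its ORM.
ORDERS = {
    "order-1001": {"name": "A. Customer", "address": "1 Example St", "account": "user-42"},
}
# token -> (order_id, owning account, expiry). Kept server-side, so the URL never
# carries the order id itself, encrypted or not, and the token can be revoked.
CONFIRMATION_TOKENS = {}
TOKEN_TTL_SECONDS = 600  # confirmation links only need to survive a refresh, not forever


def issue_confirmation_token(order_id, account, now=None):
    """Called once at checkout; returns the value to put in the success URL."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits: unguessable, and meaningless by itself
    CONFIRMATION_TOKENS[token] = (order_id, account, now + TOKEN_TTL_SECONDS)
    return token


def fetch_order_summary(token, session_account, now=None):
    """Return the order's PII only if token is known, unexpired, and owned by this session.

    Returns None in every failure case so the caller renders a generic
    'order not found' page and leaks nothing about which check failed.
    """
    now = time.time() if now is None else now
    entry = CONFIRMATION_TOKENS.get(token)
    if entry is None:
        return None
    order_id, owner, expires_at = entry
    if now > expires_at:
        CONFIRMATION_TOKENS.pop(token, None)  # expired links are dropped, not just refused
        return None
    if session_account != owner:
        # The URL alone is not a credential: replaying it from a log without the
        # owner's session yields nothing.
        return None
    return ORDERS[order_id]
```

Because the token is random rather than an encryption of the id, nothing in the URL needs a key to stay secret, and the order is always fetched by server-side lookup plus an ownership check rather than by trusting the query string.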