Using a guid for displaying "secure" invoices

I've created a web site for student management (martial arts schools). Which includes invoicing students. Currently the only way my users can do this is by printing the invoices and handing them to the students. I'd like to create a way for the students to go to their invoice online.

I've been considering using GUIDs for the students, and using that as the parameter for the query string to the invoice. (http://thesite.com/invoice.php?guid=E3D3D122-5AB6-4405-96EC-7C0579710813)

The invoice would be a read-only page, and allow no access to the rest of the site. So I'm not to worried about packet sniffing (I don't believe some sniffing traffic in a cof开发者_JAVA百科fee shop is a concern, if all they have access to is a random student invoice).

I am worried about someone being able to guess, or get to a specific set of invoices (i.e. all the invoices of a competitor).

I feel like I'm either crazy for considering it, or it's a relativity standard practice. I'm just not sure which. And SO is a great sanity check.

Thanks

---

That's actually a good, secure process; you lose the readability of the URL, of course, but if that's not much of a concern, that's a good solution. It's certainly not guessable.

As an added security measure, you might want to put in place logging of invoice accesses.

---

I would take it one step further and store the invoice as a password protected pdf document. This achieves several things:

• the document is read only (a web page is too, but a pdf is harder for the end user to change)
• the student also requires a password to access the info in the document so even if someone guesses the GUID (or more likely gets a shortcut/url mailed to them) then they can't see what is in the document (they won't be able to see the amount, which school it is for, etc.)
• even if the document is retrieved from a web cache it isn't viewable without the password
• it is printer friendly
• it should be easily viewable on other devices