Former Member
Jun 19, 2009 at 04:39 PM

Security of Catalog content using themes

Hi,

I may have got the wrong idea here so please correct me if I'm wrong...

If there are multiple themes created in a webtools site, each one can have its own specific catalog, and by connecting users to themes, the catalog that that user sees when he logs in (if the site requires login to view catalogs) is defined.

I was under the impression that this functionality was a means of restricting the products that a user can view and buy.

Why, then, when I log in, can I manipulate the URL query string to switch to another theme simply by editing the 'ServerId' parameter, and hence see items which I may not be entitled to see?

(Obviously you have to know the theme ID you require, but I can't accept that this is enough to secure the catalog from unauthorised use.)

Maybe I don't understand the Base URL/ User Theme/ Catalog functionality correctly or I have missed an important setting somewhere?
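
The behaviour described in the post can be checked from the server side. The following is an added example, not part of the original post and not webtools code: it audits access-log lines for requests whose `ServerId` names a theme the logged-in user is not assigned to. The log format, the URL path and the user-to-theme mapping are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed mapping of user -> theme IDs the user is assigned to
# (assumption: exported from the site's user/theme configuration).
ASSIGNED = {"alice": {"1"}, "bob": {"2"}, "carol": {"1", "3"}}

# Constructed access-log lines in an assumed "<timestamp> <user> <method> <url>" format.
SAMPLE_LOG = """\
2009-06-19T16:01:02 alice GET /catalog?ServerId=1&cat=12
2009-06-19T16:01:40 alice GET /catalog?ServerId=2&cat=12
2009-06-19T16:02:11 bob GET /catalog?serverid=2&item=A100
2009-06-19T16:03:05 bob GET /catalog?ServerId=2&ServerId=3
2009-06-19T16:04:00 carol GET /catalog?cat=7
"""

def requested_themes(url):
    """Return every ServerId value in the query string.
    The name is matched case-insensitively as a conservative choice."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return [value for key, value in pairs if key.lower() == "serverid"]

def audit(log_text, assigned):
    """Return (timestamp, user, theme, reason) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) != 4:
            continue  # not in the assumed format
        ts, user, _method, url = parts
        themes = requested_themes(url)
        # A repeated parameter with different values may be read differently
        # by different layers, so report it on its own.
        if len(set(themes)) > 1:
            findings.append((ts, user, ",".join(themes), "conflicting ServerId values"))
        for theme in dict.fromkeys(themes):  # de-duplicate, keep order
            if theme not in assigned.get(user, set()):
                findings.append((ts, user, theme, "theme not assigned to user"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, ASSIGNED):
        print(*finding, sep=" | ")
```

An audit like this only shows whether the parameter has been edited in practice; restricting the catalog requires the server to derive or verify the theme from the authenticated session rather than trusting the query string.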