An actual 'private' link for guest access
Hi everyone. I just signed up for a trial to test the waters, and plan on signing up a client for the pro plan because I like what I see. However, I have a suggestion in regards to privacy.
Say I sign up my client's business and I am handling all the goals, campaigns, etc. through getclicky for them - and some managers would like to browse through the stats, maybe send that link on to a few others in the company. Obviously I don't want them to have admin privileges so they can't mess with things, so I allow public access to the stats.
Here is the problem... the public access link, or so-called 'private' link is not obfuscated in any way whatsoever. Say a tech-savvy competitor is browsing our site, is familiar with getclicky, and view source for one of our pages (like all good geeks do). They can see from the getclicky code that our site ID is ABCDEF, so, just go to '/stats/home?site_id=ABCDEF' and boom, they can see everything - all campaigns, goals, visitors, conversions, etc.
This is bad. A little paranoid perhaps, yes. But now that I'm a getclicky user, and happen to see in someone's source that they're using getclicky too, hell - I'll check to see if I can browse their stats, because why not? - it's that easy.
It would be simple to fix this, just associate a hash of username plus a salt, and have public access links be something like '/stats/home?guest_id=*HASH*'. That way, only people who have that specific link can view as a guest, and not anyone who happens to see your site ID.
I was somewhat shocked to see that it was setup this way, and consider it to be an important oversight on getcliky's part.
Thanks for reading,
Posted Fri Aug 21 2009 12:20a by cnanney
The private link feature is not just turning on public stats. It's an actual unique link that contains both the site ID and sitekey to authorize a user to view the stats for a given site ID, and does not require public stats to be enabled. However, the private link feature is one of a few features that are not available during the trial. Only paying Pro/Enterprise members can see it. It is available on the main page of your site preferences.
Posted Fri Aug 21 2009 1:35p by Your Friendly Clicky Admin
Ahhh... Well then, that alleviates any concern I had. Thank you for replying.
Posted Fri Aug 21 2009 1:47p by cnanney
I have the "pro" version, but I'm not able to see where I can activate à "private link" in prefernces . Sorry for my very poor english...
Posted Wed Sep 16 2009 10:03a by Christian63
Under 'Site preferences', a private link will be listed under site information.
Posted Wed Sep 16 2009 10:08a by cnanney
This is the correct thread.. I'm so pleased you still have this option, its a great way to convince a client to pay for their own account lol
Posted Mon Feb 17 2014 11:27a by Lynny
You must be logged in
to your account to post!