I noticed that the eCards are delivered via an HTML link that does not appear to be secure. In other words, say my girlfriend is a member and she sends me a sexy Valentine message. I am given a URL for the eCard http://mysite/eCards/8.
Now, I can access this URL with no problem and I am very happy to see the sexy message waiting for me. But then I think, hey I wonder what ecard 9 looks like or eCard 10, so I simply change the number in the URL and Voila! I can look at everyone's eCards. Then I realize that everyone can also see the very private and sexy message from my girlfriend!
Am I missing something? Can I modify my site in some way to prevent this?