For the sake of simplicity, instead of full-fledged authentication with login and password, I want to create "Google Docs long url" authentication scheme for my internet shop for the users. To let them view, track, and possibly modify their own orders:
my_shop.com/orders/very_long_and_random_string_here/{view|edit|etc}
The very_long_and_random_string_here
will have around 50 characters. It'll be unique for each order.
The page will contain user's email and dates. The very sensitive information won't be in the plain text, it'll be partially shown, partially hidden.
Will this url authentication scheme be secure enough?
Are there caveats? Are there serious no-no?
Note that my question is different from How unlikely is it that a Google Doc link is guessed?