Many people use web browsers with third-party plugins that track and
leak URLs people visit and strings they search.
Clear mail addresses in URLs is not a good idea. And obfuscate them is
not a solid solution. I prefer to recommend you a website's internal
table of user-ids corresponding to each mail account. This will make
simple IDs, short URLs and simple and solid security.
Important to generated codes be one-time-only codes, and absolutely unique.
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should fix this against automated addresses collectors.
El 24/4/22 a les 5:20, gordonisnz@xxxxxxxxx ha escrit:
Hello. I'm wondering if you can assist with advice regarding
a) a user enters their email address
b) I generate a code for login and generate an email.
c) the email contains the URL to log in
When the person clicks on it, I separate the email address - and
generate a new code - if it matches, they are logged in.
MAIN CONCERN - is if I have an email address in the actual URL, it may
be easier for spammers to pick it up & start spamming the user.. (I'm
not doing the spamming)..
Is that a real or imaginary concern? would the ISPs be spamming folk &
scanning for URLs that pass through their servers for email addresses?
Would a MySQL database be best - to store email addresses & assign a
user number for each email? Then use the user number in the URL?