Re: Email addresses in URLS?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Many people use web browsers with third-party plugins that track and leak URLs people visit and strings they search.

Clear mail addresses in URLs is not a good idea. And obfuscate them is not a solid solution. I prefer to recommend you a website's internal table of user-ids corresponding to each mail account. This will make simple IDs, short URLs and simple and solid security.

Important to generated codes be one-time-only codes, and absolutely unique.


Narcis Garcia
__________
I'm using this dedicated address because personal addresses aren't masked enough at this mail public archive. Public archive administrator should fix this against automated addresses collectors.



El 24/4/22 a les 5:20, gordonisnz@xxxxxxxxx ha escrit:
Hello. I'm wondering if you can assist with advice regarding
passwords/hiding emails.

basically,

a) a user enters their email address

b) I generate a code for login and generate an email.

c) the email contains the URL to log in

http://website.com/login?code=EMAILADDRESS-GENERATEDCODE

When the person clicks on it, I separate the email address - and
generate a new code - if it matches, they are logged in.

MAIN CONCERN - is if I have an email address in the actual URL, it may
be easier for spammers to pick it up & start spamming the user.. (I'm
not doing the spamming)..

Is that a real or imaginary concern? would the ISPs be spamming folk &
scanning for URLs that pass through their servers for email addresses?

Would a MySQL database be best - to store email addresses & assign a
user number for each email? Then use the user number in the URL?




[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux