Many people use web browsers with third-party plugins that track and
leak URLs people visit and strings they search.
Clear mail addresses in URLs are not a good idea, and obfuscating them is
not a solid solution. I would rather recommend a website-internal
table of user IDs corresponding to each mail account. This will give
simple IDs, short URLs, and simple and solid security.
It is important that generated codes be one-time-only codes, and absolutely unique.
Narcis Garcia
__________
I'm using this dedicated address because personal addresses aren't
masked enough in this public mail archive. The public archive administrator
should fix this against automated address collectors.
On 24/4/22 at 5:20, gordonisnz@xxxxxxxxx wrote:
Hello. I'm wondering if you can assist with advice regarding
passwords/hiding emails.
Basically,
a) a user enters their email address
b) I generate a code for login and generate an email.
c) the email contains the URL to log in
http://website.com/login?code=EMAILADDRESS-GENERATEDCODE
When the person clicks on it, I separate the email address - and
generate a new code - if it matches, they are logged in.
MAIN CONCERN - is if I have an email address in the actual URL, it may
be easier for spammers to pick it up & start spamming the user. (I'm
not doing the spamming.)
Is that a real or imaginary concern? Would the ISPs be spamming folk &
scanning for URLs that pass through their servers for email addresses?
Would a MySQL database be best - to store email addresses & assign a
user number for each email? Then use the user number in the URL?
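
Added example, not part of either message in this thread: a minimal sketch of the approach recommended in the reply (an internal user-ID table plus unique, one-time-only codes), so the login URL carries no email address. SQLite stands in for MySQL; the table names, the `website.example` host, the 15-minute lifetime and the hashing of codes at rest are assumptions of this sketch.

```python
import hashlib
import secrets
import sqlite3
import time

CODE_TTL = 15 * 60  # assumed lifetime in seconds; the thread does not specify one

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS users (
            id INTEGER PRIMARY KEY, email TEXT NOT NULL UNIQUE);
        CREATE TABLE IF NOT EXISTS login_codes (
            code_hash TEXT PRIMARY KEY,   -- uniqueness enforced by the database
            user_id INTEGER NOT NULL REFERENCES users(id),
            expires_at INTEGER NOT NULL,
            used INTEGER NOT NULL DEFAULT 0);
    """)
    return db

def _hash(code):
    # Only a hash is stored, so a leaked table does not yield usable codes.
    return hashlib.sha256(code.encode()).hexdigest()

def issue_login_url(db, email, base="https://website.example/login", now=None):
    """Map the email to an internal user id and return a URL holding only a random code."""
    now = int(time.time()) if now is None else now
    with db:  # one transaction: create the user if needed, then store the code
        db.execute("INSERT OR IGNORE INTO users (email) VALUES (?)", (email,))
        (user_id,) = db.execute(
            "SELECT id FROM users WHERE email = ?", (email,)).fetchone()
        code = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
        db.execute(
            "INSERT INTO login_codes (code_hash, user_id, expires_at) VALUES (?, ?, ?)",
            (_hash(code), user_id, now + CODE_TTL))
    return f"{base}?code={code}"

def redeem(db, code, now=None):
    """Return the user id once per code; None if unknown, expired or already used."""
    now = int(time.time()) if now is None else now
    with db:
        # A single conditional UPDATE makes check-and-consume atomic.
        cur = db.execute(
            "UPDATE login_codes SET used = 1 "
            "WHERE code_hash = ? AND used = 0 AND expires_at > ?",
            (_hash(code), now))
        if cur.rowcount != 1:
            return None
        return db.execute("SELECT user_id FROM login_codes WHERE code_hash = ?",
                          (_hash(code),)).fetchone()[0]
```

Because the code alone identifies the row, neither the email address nor the user number needs to appear in the URL.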