I am developping a sns site.
I was wondering if i send user's email addresses as a part of
confirmation link so that
when a user receives the confirmation email, he can just click on the
link to login
to our site without punching in the password.
"kaka"
news:1192121091.674015.252120@50g2000hsm.googlegroups.com...
>I am developping a sns site.
> I was wondering if i send user's email addresses as a part of
> confirmation link so that
> when a user receives the confirmation email, he can just click on the
> link to login
> to our site without punching in the password.
yeah, sounds like a plan. i assume though, you meant to phrase that in the
form of a question...maybe ending the thought with 'how would i go about
doing that?'.
in that case, i'd assume you'd have googled a miriad of examples and tried a
few. or, you may have searched here for even more specific implementations
(which i myself have posted in-depth and without the security holes your
initial thought leaves in play). and, since i know you've done your
homework, i'd next ask to see the portion(s) of code that are giving you
problems. then, i think everyone here would be willing to help...since i'm
sure you aren't asking to build a full-fledged implementation without regard
to consideration, i.e. payment.
;^)
On Thu, 11 Oct 2007 18:44:51 +0200, kaka
> I am developping a sns site.
> I was wondering if i send user's email addresses as a part of
> confirmation link so that
> when a user receives the confirmation email, he can just click on the
> link to login
> to our site without punching in the password.
No.
What if I know someone's emailadress?
Preferably you use some random unrelated hash for this, which you can
create, store locally, and send out in the email, so it can be rechecked
(and discarded) after comfirmation. Still good for a one-time login, not
reusable or predictable for anyone.
--
Rik Wasmus