Posted by Peter van Schie on 11/03/05 15:20
Angelos wrote:
> The problem with that is that you can easily exploit it... if you start
> subscribing and then just copy pasting the above url with ascending ids.
>
> Same happens with the unsubscribe.
> <a
> href=www.mysite.com?unsubscribe&subscribers_id=$row_subscriber_id>Unsubscribe</a>
> Exploit: just use random subscriber_ids and start unsubscribing people.
>
> But if that number was encoded somehow and then decoded... it would solve
> the problem... or at least the chances would be less.
Hi Angelos,
You could keep track of the IP addresses and allow only one subscription
and unsubscription per IP per day.
You'd get an extra db table, like:
ip | date | action
==========================================
123.450.123.450 2005-11-03 subscribe
HTH.
Peter.
--
http://www.phpforums.nl
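
Added example, not part of either post above: one way to act on the "encoded somehow" idea is to have the server sign the subscriber id with an HMAC and verify that signature before unsubscribing, so a link built from a guessed id fails the check. The secret, the function names and the `token` parameter are assumptions made for this illustration.

```php
<?php
// Added illustration; every name below is hypothetical.

// Assumption: a random server-side secret loaded from configuration, never sent to clients.
const UNSUB_SECRET = 'replace-with-random-bytes-from-config';

// Token for one subscriber. Prefixing the action name keeps a token issued
// for one action from being accepted for a different one.
function unsubscribe_token(int $subscriberId): string
{
    return hash_hmac('sha256', 'unsubscribe:' . $subscriberId, UNSUB_SECRET);
}

// Link to place in the mail, in the same shape as the URL quoted in the thread.
function unsubscribe_url(int $subscriberId): string
{
    $query = http_build_query([
        'subscribers_id' => $subscriberId,
        'token'          => unsubscribe_token($subscriberId),
    ]);
    return 'https://www.mysite.com/?unsubscribe&' . $query;
}

// Returns the subscriber id when the request carries a valid token, otherwise null.
function verified_subscriber_id(array $params): ?int
{
    $id    = $params['subscribers_id'] ?? null;
    $token = $params['token'] ?? null;
    if (!is_string($id) || !ctype_digit($id) || !is_string($token)) {
        return null; // missing or malformed parameters
    }
    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of a forged token were correct.
    return hash_equals(unsubscribe_token((int) $id), $token) ? (int) $id : null;
}

// Constructed sample requests: the link the server issued for id 42, and the
// same token replayed with the next id, as in the ascending-id scenario.
parse_str(parse_url(unsubscribe_url(42), PHP_URL_QUERY), $genuine);
$guessed = ['subscribers_id' => '43', 'token' => $genuine['token']];

var_dump(verified_subscriber_id($genuine));
var_dump(verified_subscriber_id($guessed));
```

In a real handler, `verified_subscriber_id($_GET)` would run before any database update, and a null result would end the request without touching the subscriber table.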