Reply to Unique URL as an identifier

Posted by Nel on 10/22/12 11:40

From your (group) opinion, when sending a unique URL to a user, what steps
are a must in making sure the link can't be hacked?

i.e. Bad link
www.example.com?id=10&action=reset_password


would be better as
www.example.com?id=505B6EF41388913908D9B65B35DEAAEE&action=reset_password

But ultimately a hacker could work their way through all combinations and
reset all passwords on all users.

So you could use
www.example.com?id=505B6EF41388913908D9B65B35DEAAEE&action=reset_password&dbindexnumber=10
(probably not using dbindexnumber as a variable). That way the hacker would
need to get both right to reset the password.

But how far do you go reasonably, without getting paranoid?

Nel.
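
Added example, not part of Nel's post: a sketch of the second scheme above, where the link carries a random 128-bit token plus the record id and the server requires both to match. The `uid` parameter name, the one-hour expiry, single use, and storing only a hash of the token are assumptions that go beyond what the post describes.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a link stays valid (assumed policy, not from the post)

# Constructed in-memory stand-in for a database table:
# user_id -> (sha256 of token, expiry timestamp)
_pending = {}


def _digest(token):
    # Only a hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_link(user_id, now=None):
    """Build a reset URL with a random 128-bit token and the record id."""
    now = time.time() if now is None else now
    token = secrets.token_hex(16).upper()  # 32 hex chars, same shape as the post's id
    _pending[user_id] = (_digest(token), now + TOKEN_TTL)
    return f"https://www.example.com/?id={token}&action=reset_password&uid={user_id}"


def redeem(user_id, token, now=None):
    """Return True only if the token belongs to this user, is unexpired and unused."""
    now = time.time() if now is None else now
    record = _pending.get(user_id)
    if record is None:
        return False
    token_hash, expires_at = record
    if now > expires_at:
        del _pending[user_id]  # expired links are discarded
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(token_hash, _digest(token)):
        return False
    del _pending[user_id]  # single use: the link dies once redeemed
    return True
```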
