authentication – How can I make secure login emails? (GET / POST)


I imagine a login / registration system, where the user enters their email and receives an email with a link to log in. The user clicks on the link and registers automatically (confirming the email address in the process).

This would be a form of authentication without a password.

Issue

The problem I see with this approach is that a link will send a GET request, but this GET request will change the state of the user's session (by activating it).

GET requests should never (in accordance with the HTTP standard) have side effects. This is something that browsers also assume, which means that they could get GET requests to optimize the performance / user experience.

Let's say you are using Gmail in the browser. Could it then happen that the browser gets the link in the email?

It would be a big security problem if just opening the email was enough to log in to the site.

What I have considered

Using JavaScript on the landing page to send a POST request

My instinct tells me that, although a link's HTML / CSS / JavaScript could be recovered, none of this code (especially the JavaScript) will be executed before the browser explicitly opens the link.

This should mean that if the user's session is activated in some way using JavaScript (by sending a POST request to the backend), it should be safe to use a GET request to get to this page (like a link in the email).

Am I correct in assuming this?

Is it a bad practice to do it this way?

Using an HTML form in the body of the email

Another option would be to place a form in the email, which would allow a POST request directly from the email.

However, it seems that several email clients will block form submissions within emails. Email clients that allow the submission of forms tend to warn the user that the email is probably malicious. It seems that this is not really a good solution.

Posted on November 23, 2018. Author: Proxies123. Tags: authentication, emails, login, post, Secure
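
The flow the question describes, as an added example that is not part of the original post: the GET from the emailed link only renders a confirmation form, and the single-use token is consumed by the POST. The function names, the in-memory store and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import html
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds; assumed lifetime for the emailed link
_pending = {}         # sha256(token) -> (email, expires_at); stand-in for a DB table


def _digest(token):
    # Store only a hash so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_login_token(email, now=None):
    """Create the single-use token that goes into the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _pending[_digest(token)] = (email, now + TOKEN_TTL)
    return token


def handle_request(method, token, now=None):
    """Return (status, body, session_email); session_email is set only on login."""
    now = time.time() if now is None else now
    key = _digest(token)
    entry = _pending.get(key)
    if entry is None or entry[1] < now:
        _pending.pop(key, None)  # drop expired entries
        return 410, "Link expired or already used", None
    if method == "GET":
        # Safe method: render a form, change nothing. A prefetcher or link
        # scanner that fetches the URL neither logs anyone in nor burns the token.
        form = ('<form method="post"><input type="hidden" name="token" '
                'value="%s"><button>Log in</button></form>'
                % html.escape(token, quote=True))
        return 200, form, None
    if method == "POST":
        # Only here does state change: consume the token, then start the session.
        email, _ = _pending.pop(key)
        return 200, "Logged in", email
    return 405, "Method not allowed", None
```
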
