By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,724 Members | 1,184 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,724 IT Pros & Developers. It's quick & easy.

send email address as a part of confirmation email

P: n/a
I am developping a sns site.
I was wondering if i send user's email addresses as a part of
confirmation link so that
when a user receives the confirmation email, he can just click on the
link to login
to our site without punching in the password.

Oct 11 '07 #1
Share this Question
Share on Google+
2 Replies


P: n/a

"kaka" <sm************@gmail.comwrote in message
news:11**********************@50g2000hsm.googlegro ups.com...
>I am developping a sns site.
I was wondering if i send user's email addresses as a part of
confirmation link so that
when a user receives the confirmation email, he can just click on the
link to login
to our site without punching in the password.
yeah, sounds like a plan. i assume though, you meant to phrase that in the
form of a question...maybe ending the thought with 'how would i go about
doing that?'.

in that case, i'd assume you'd have googled a miriad of examples and tried a
few. or, you may have searched here for even more specific implementations
(which i myself have posted in-depth and without the security holes your
initial thought leaves in play). and, since i know you've done your
homework, i'd next ask to see the portion(s) of code that are giving you
problems. then, i think everyone here would be willing to help...since i'm
sure you aren't asking to build a full-fledged implementation without regard
to consideration, i.e. payment.

;^)
Oct 11 '07 #2

P: n/a
On Thu, 11 Oct 2007 18:44:51 +0200, kaka <sm************@gmail.comwrote:
I am developping a sns site.
I was wondering if i send user's email addresses as a part of
confirmation link so that
when a user receives the confirmation email, he can just click on the
link to login
to our site without punching in the password.
No.
What if I know someone's emailadress?
Preferably you use some random unrelated hash for this, which you can
create, store locally, and send out in the email, so it can be rechecked
(and discarded) after comfirmation. Still good for a one-time login, not
reusable or predictable for anyone.

--
Rik Wasmus
Oct 13 '07 #3

This discussion thread is closed

Replies have been disabled for this discussion.