I have a client that provides a list of companies on their web site (powered
by PHP/MySQL.) These companies advertise their services to visitors. The
company information has been maintained exclusively by the client, but now
they would like to provide a way for the companies to update their own
information.
Can someone suggest a reasonable secure method to allow the companies to
edit their own information without a login and authentication procedure? One
idea is to provide each customer an URL which includes an encrypted token.
The token could be generated using a unique piece of data like an email
address or telephone number. It could be decrypted serverside and validated.
I've done something similar for other clients on a tight budget and it
worked well, but am wondering if there's a better approach without adding
full-fledge authentication.
All comments/suggestions are appreciated.