I am looking into site registration via a form and registration / verification link. The idea is the user provides an email, username and pass via a form on the site. They then receive an email with a link to click on to verify.
I am really just looking at ideas here but, OK the email has to be valid or they won’t receive the verification link - and it’s easy.
However most examples I see use a link in the email something like
Please click the following link to activate your account: email@example.com&code=5f86d8b70d922
This seems a huge security risk since the link basically reveals and transmits the subfolder, the php script name and the variable values in plain text.
Am I paranoid or is this method as insecure as it seems?
Is there a better method?