Hi
I am looking into site registration via a form and registration / verification link. The idea is the user provides an email, username and pass via a form on the site. They then receive an email with a link to click on to verify.
I am really just looking at ideas here but, OK the email has to be valid or they won’t receive the verification link - and it’s easy.
However most examples I see use a link in the email something like
Please click the following link to activate your account: www.mywebsite.com/login/activate.php?email=email@domain.com&code=5f86d8b70d922
This seems a huge security risk since the link basically reveals and transmits the subfolder, the php script name and the variable values in plain text.
Am I paranoid or is this method as insecure as it seems?
Is there a better method?
Yes I agree but, it’s easy to create a temporary or even 1 time email address or even intercept text transmitted. I am mostly concerned with possible code injection but wondered if I should have any other concerns
Most of my project are pending to go live until i understand fully how code injection works.
What i do before launching any app is to check for these things
Session hijacking
SQL injection
Code injection mostly done using java
Bruteforce
So to my poor security intelligence i code along these lines.
Not if it’s HTTPS, then the URL is encrypted between server and client.
It’s still plain text in the email of course, nothing much you can do about that, but most email is sent over SSL connections these days too.
I would not include the email address in the URL though, simply because that will end up in your server logs, which is not something you want with all the privacy laws going on like the European GDPR. Just a unique random code should suffice.
Is it a perfect system? No.
Is the best system we have so far? Yes.
Are there better alternatives? You can use split tokens for added security over some random code, but the main principle remains the same, so no.
You can combine the email, a user ID and “random” key, and hash the lot into a key.
That way the private info isn’t in plain text in the URL, but the info is there to reference it to the valid user account.
If is in plain text does it mean someone privacy have been breached?
Was the url containing the users email published on the site pages?
Was it not sent to the very email that owns it?
And if some one reads the email it does mean the person already have the email address you intend hiding from and much more can even access the said email?
This question i really need to know, if the url is sent via none https protocol what will happen? Who read’s the content and how?
Even though everyone can read the content, they won’t know this email is donald trump email or prince Richard email.
So they sit recording email addresses whose owners they know not?
Apart from spamming or marketing purpose is a waste of time doing that.
Even they can simply keep checking yahoo or gmail.com registration page with generic email names and once it said this email already exist they will add it to their records
Every hacker has a target, there are over billions of emails littering everyone. One jobless fellow saw something like dontdo@yahoo.com and start trying to hack it or what?
What i consider a privacy breach is
Donald trump (president usa)
Email: donald@unknown.com
Phone: 555555555555555
That’s what a privacy breach is because is so descriptive, not a random url that holds nothing but email address
I posted an email example@example.com
On my public website, and someone saw it and said oh! That’s my email address am suing for GPDR , when he gets to court what exactly will he tell them?
That i said hey guys this email belong to jark or john?
I rather focus my energy on ensuring the
Content is transmitted to the user securely, using https as @rpkamp had pointed out but wont stress myself with privacy laws.
Your choice obviously, but fines for not following them are severe.
To you maybe, but not to the law [in the EU, GDPR]. Under law any leaking of Personally Identifiable Information or failing to remove this when requested is a privacy breach.
And along the lines of GDPR, this is partly why 3rd party processors exist; Why does Paypal exist? Because people dont want to give their credit card details to every website they shop with; Paypal sits in the middle and says “Yes, that user can purchase the item, Paypal certifies the money is available.”
Same way that “Login with Google” works - you don’t need to give your password to the website, Google is trusted by the website, and says “Yes, this person is logged in as johndoe@example.com, treat them as such.” Your website doesnt need to (or even have access to) their password, but you’ve still got a verified login.
Yes you are right, but hacking emails or gmail and as such if one google account have been hacked the hacker can login to all the sites you are linked to which i found very disturbing.
Is it not safe to limit the access to only one affected site? If Facebook or Twitter is hacked and more 20 sites are doing login with social media, the hacker will simply access those sites once they have a hold of your gmail or facebook account.
If you’re going to be concerned about that, get off of the internet. It’s the only way to be safe.
shrug
People are stupid. Most people reuse passwords. At which point, a hack on one site is a hack on all sites. I’d rather put my trust in a multibillion dollar company’s security team over you sitting in your basement.
