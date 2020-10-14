Hi

I am looking into site registration via a form and registration / verification link. The idea is the user provides an email, username and pass via a form on the site. They then receive an email with a link to click on to verify.

I am really just looking at ideas here but, OK the email has to be valid or they won’t receive the verification link - and it’s easy.

However most examples I see use a link in the email something like

Please click the following link to activate your account: www.mywebsite.com/login/activate.php?email=email@domain.com&code=5f86d8b70d922

This seems a huge security risk since the link basically reveals and transmits the subfolder, the php script name and the variable values in plain text.

Am I paranoid or is this method as insecure as it seems?

Is there a better method?