kerry14: This seems a huge security risk since the link basically reveals and transmits the subfolder, the php script name and the variable values in plain text.

Not if it’s HTTPS, then the URL is encrypted between server and client.

It’s still plain text in the email of course, nothing much you can do about that, but most email is sent over SSL connections these days too.

I would not include the email address in the URL though, simply because that will end up in your server logs, which is not something you want with all the privacy laws going on like the European GDPR. Just a unique random code should suffice.

Is it a perfect system? No.

Is it the best system we have so far? Yes.

Are there better alternatives? You can use split tokens for added security over some random code, but the main principle remains the same, so no.
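A sketch of the split-token approach mentioned in the reply above, as an added example that is not part of the original post. The function names, the `example.com/confirm.php` URL and the in-memory `$store` array (standing in for a database table) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory stand-in for a database table keyed by selector.
$store = [];

/** Issue a token and return the string that goes into the e-mailed link. */
function issueToken(array &$store, int $userId, int $ttl = 3600): string
{
    $selector = bin2hex(random_bytes(8));   // lookup key, stored as-is
    $verifier = bin2hex(random_bytes(32));  // secret half, only its hash is stored
    $store[$selector] = [
        'hash'    => hash('sha256', $verifier),
        'user_id' => $userId,
        'expires' => time() + $ttl,
    ];
    return $selector . '.' . $verifier;     // no e-mail address in the URL
}

/** Redeem a token: returns the user id, or null if unknown, expired or wrong. */
function redeemToken(array &$store, string $token): ?int
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    [$selector, $verifier] = $parts;
    $row = $store[$selector];
    if ($row['expires'] < time()) {
        unset($store[$selector]);           // expired rows are dropped
        return null;
    }
    // The lookup used only the selector; the secret half is compared
    // in constant time against the stored hash.
    if (!hash_equals($row['hash'], hash('sha256', $verifier))) {
        return null;
    }
    unset($store[$selector]);               // single use
    return $row['user_id'];
}

$token = issueToken($store, 42);
echo 'https://example.com/confirm.php?token=' . urlencode($token), PHP_EOL;
var_dump(redeemToken($store, $token));      // first use of the link
var_dump(redeemToken($store, $token));      // replay of the same link
```

Because only the hash of the verifier is stored, a leaked copy of the table does not yield usable links, and the database lookup on the selector does not leak timing information about the secret half.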