Using e-mail addresses in URL

7 replies to this topic

#1 Masterakos


Posted 05 December 2013 - 04:18 AM

What's your opinion about the consequences of using e-mail addresses inside the URL?

For example, there is a web application with registered users and a profile page for each one. Now any user can link his profile using www.application.com/email@registered.com

Can this become an issue in the long run? Is it bad from the beginning? I've never seen that personally, so I just thought to ask for opinions.



#2 Sundance


Posted 05 December 2013 - 04:36 AM

It's not used often because it's a security flaw to do so.

For instance, password reset via email... if a person is trying to gain access to another person's account, they only have to view their profile to know which email is associated with the account. Alternatively, they could then crack the email address, and the likelihood is the user will use the same password for multiple accounts.


Please read the

FaQ & Guidelines


#3 BlackRabbit


Posted 05 December 2013 - 05:35 AM

Well... security... privacy... I wouldn't call it a security issue if there are no valuables to be lost.

That said, yes, you are opening your system in a way that users' information is not secure. I can't tell about privacy because I don't know if the site is meant to share information publicly.



#4 WingedPanther73


Posted 05 December 2013 - 06:39 AM

I would be rather irritated if you were setting me up to be spammed to death like that.


Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

My MineCraft server site: http://banishedwings.enjin.com/


#5 Masterakos


Posted 05 December 2013 - 06:48 AM

"I can't tell about privacy because I don't know if the site is meant to share information publicly."

Well, the site is meant to share professional profiles. For example, I want to send my professional (CV style) profile to a company for checking me out, or to a friend, or post it in my profile here in the CodeCall forum.

There is always the solution to put an ID and stuff like that, but I want the user to feel like he owns the URL. I don't know if you get me or even if I am thinking right :confused:

The full name is not unique, and usernames like Masterakos023 and JohnSmith03 (after 3 JohnSmiths have registered) look bad for a professional profile name.


Edited by Masterakos, 05 December 2013 - 06:54 AM.


#6 Sundance


Posted 05 December 2013 - 08:17 AM

What you could do is assign something like a separate ID?

How about

HTTP://WWW.URLNAMEHERE.COM/001_John_Smith

HTTP://WWW.URLNAMEHERE.COM/002_John_Smith

HTTP://WWW.URLNAMEHERE.COM/003_John_Smith

Still looks professional yet gives you an alternative.


Please read the

FaQ & Guidelines
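
The numbered-name scheme suggested in post #6, sketched in Python as an added example (not code from the thread or from any participant). The `SlugRegistry` class, its method names and the sample user ids are hypothetical; the slug is built from the display name only, and input containing an e-mail address is refused so the address never reaches the URL.

```python
import re
import unicodedata


class SlugRegistry:
    """Hypothetical registry: public profile slug -> internal user id."""

    def __init__(self):
        self._by_slug = {}   # lower-cased slug -> user id
        self._issued = {}    # lower-cased base name -> slugs issued so far

    @staticmethod
    def _base(full_name):
        # Fold accents to ASCII and keep only letters and digits, so the
        # slug needs no percent-encoding in the URL path.
        folded = (unicodedata.normalize("NFKD", full_name)
                  .encode("ascii", "ignore").decode("ascii"))
        words = re.findall(r"[A-Za-z0-9]+", folded)
        if not words:
            raise ValueError("name has no usable characters")
        return "_".join(words)

    def allocate(self, user_id, full_name):
        # Stripping "@" and "." would still leave a readable address
        # (john_example_com), so reject the input outright.
        if "@" in full_name:
            raise ValueError("refusing to build a slug from an e-mail address")
        base = self._base(full_name)
        key = base.lower()
        n = self._issued.get(key, 0) + 1
        self._issued[key] = n
        slug = f"{n:03d}_{base}"
        self._by_slug[slug.lower()] = user_id
        return slug

    def resolve(self, slug):
        # Case-insensitive lookup; None means "no such profile".
        return self._by_slug.get(slug.lower())


if __name__ == "__main__":
    reg = SlugRegistry()
    # Constructed sample users (ids and names are made up).
    for uid, name in [(101, "John Smith"), (102, "john  smith"), (103, "José Álvarez")]:
        print(uid, "->", "/" + reg.allocate(uid, name))
```

The sequential prefix lets anyone walk through all profiles sharing a name, which fits here only because the original poster describes the profiles as meant to be shared.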


#7 gonerogue


Posted 05 December 2013 - 09:01 AM

So, everybody in my LAN with a sniffer may see my email address?

That's enough for me to freak out and never use your site again.

Or are you planning to use SSL?


Edited by xyv123, 05 December 2013 - 09:26 AM.


#8 WingedPanther73


Posted 05 December 2013 - 09:39 AM

Most professional sites that are not purely internal keep email addresses hidden, often even from other users. That's expected behavior.

