RE: return url in email
RE: return url in email
- Subject: RE: return url in email
- From: "Albert Jagnow" <email@hidden>
- Date: Fri, 3 Oct 2003 17:17:36 -0500
- Priority: normal
- Thread-topic: return url in email
You should realize that anytime you send information by email it is not
secure. It would be bad for you and the user to put actual usernames
and passwords in the url you embed in the email. If your site requires
authentication the best thing to do is use an on demand password page.
So the user clicks on the URL and if they are not already authenticated
they are prompted for their password, they enter the correct password
and they go to the page in the url. I have seen several example of how
to do this before.
If you don't want them to need to enter a password at all, you could
embed a token in the url that you can check to see if it is valid. For
example you could just put a random 20 character string in the url (
http://www.mysite.com/cgi-bin/WebObjects/MyApplication.woa/wa/urlAction?
loginToken=1jH7eFsdUNh593kstW3v&record=1234 ). That token would also be
stored in your database so you can validate it. Then you look it up to
see if the url/user is valid. The second method is less secure, but
should be easier to implement, and is better then sending plain user
names and passwords around via email.
In both cases you will want to make sure your url is calling a direct
action.
--Albert
-----Original Message-----
From: Leon zhao [mailto:email@hidden]
Sent: Friday, October 03, 2003 4:42 PM
To: email@hidden
Subject: return url in email
Hey everyone,
I want to let my forum users be able to go back to the a forum page
by
clicking a url in the email the forum system sends to them. How can I
include password and userid in that page?
Could you please let me know how to record the page in the forum and
how
to add password and username in the url?
Best Regards.
Leon
_________________________________________________________________
Help protect your PC. Get a FREE computer virus scan online from
McAfee.
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.
This e-mail (including any attachments) is covered by the Electronic
Communications Privacy Act, 18 USC. 2510-2521. It is confidential and
may be legally privileged. If you are not the intended recipient, you
are hereby notified that any retention, dissemination, distribution, or
copying of this communication is strictly prohibited. Please reply to
the sender that you have received the message in error, and then delete
it. Thank you.
_______________________________________________
webobjects-dev mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/webobjects-dev
Do not post admin requests to the list. They will be ignored.