Give me a few reasons why NOT to include email addresses in plain text form in the unsubscribe link that gets sent out in our newsletters.
Right now it's:
xyz.net/unsubscrible?uid=123&[email protected]
I am pushing for:
xyz.net/unsubscrible?uid=123&key=(encrypted_email_md5hash).
I don't really like the idea of throwing email addresses in plain text, but need to convince my manager of possible threats.
Update: While all the answers were suggesting how I should secure it and NOT the reason why I should secure it, I find do-ob's answer the most appropriate.
Because then you can unsubscribe somebody else. Ideally you want to use only a key:
xyz.net/unsubscrible?key=<some unique cryptographic hash>
I shouldn't be able to guess at ids and emails and cause some action to occur for somebody else.
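An added example, not part of the original answer: one way to build the unguessable key the answer describes, here an HMAC-SHA256 over the subscriber id under a server-side secret, so changing the id invalidates the link. The function names, the `id.mac` token layout, and reading the question's MD5 idea as an unsalted hash of the address are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo secret; a real service would load a fixed key from a secret store.
SECRET_KEY = secrets.token_bytes(32)


def make_token(subscriber_id: int, key: bytes = SECRET_KEY) -> str:
    """Return 'id.mac', where mac = HMAC-SHA256(key, id). No email in the URL."""
    msg = str(subscriber_id).encode()
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{subscriber_id}.{mac}"


def verify_token(token: str, key: bytes = SECRET_KEY):
    """Return the subscriber id if the token is authentic, otherwise None."""
    sid, sep, mac = token.partition(".")
    if not sep or not (sid.isascii() and sid.isdigit()):
        return None
    expected = hmac.new(key, sid.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes, in constant time, so timing does not leak matching prefixes.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return int(sid)


def unsalted_md5_key(email: str) -> str:
    """Assumed weaker scheme: computable by anyone who knows the address."""
    return hashlib.md5(email.lower().encode()).hexdigest()


if __name__ == "__main__":
    token = make_token(123)
    print("link: xyz.net/unsubscrible?key=" + token)
    print("valid token  ->", verify_token(token))
    # Same MAC with a different id: the server rejects it.
    altered = "124." + token.split(".", 1)[1]
    print("altered id   ->", verify_token(altered))
    # No secret involved, so this value is not proof the link came from us.
    print("md5 of email ->", unsalted_md5_key("user@example.com"))
```

A purely random token stored next to the subscriber row works equally well; the HMAC form just avoids the extra column.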