Thank you for the reply. I think I will stay with the hashed URL solution. Yes, you can share the URL, but as you said, there is no better, more secure way...

On Nov 12, 6:40 pm, Smelly_Eddie <[EMAIL PROTECTED]> wrote:
> That still does not prevent a user from sharing the original url in
> the email. Anyone that visits the first page could see the second.
>
> It seems like this is a moot point if you use authentication or email
> tickets, which would be a much more sound approach.
>
> Any solution you may come up with will not be secure since there is no
> unique way to identify the source as an email. Some web based email
> will show the referrer as the provider (gmail, yahoo) but client based
> applications (thunderbird or outlook) will have a blank referrer.
>
> -EW
>
> On Nov 11, 4:16 pm, Marcus Silva <[EMAIL PROTECTED]> wrote:
>
> > Hi,
> >
> > I am not sure if I got your question right, but if I did you might be
> > ok doing the following:
> >
> > Create an email hash key like Jon Bennett suggested, when the user
> > comes back to your site take
> >
> > make the user go to a url on your site where you can check the hashed
> > value, then send the user to another page, in that page check if the
> > referer ($this->referer()) was the page the user visited originally
> > via the email link, only send the user to this page if the hash key
> > validates.
> >
> > That should work....
> >
> > Hope it helps
> >
> > Cheers
> >
> > Marcus
> >
> > Another way
> >
> > On Nov 11, 8:38 pm, "Jon Bennett" <[EMAIL PROTECTED]> wrote:
> >
> > > > Yes I thought about this approach. But problem is that I need to make
> > > > access only through email, without restrictions in visit count.
> > >
> > > In that case don't check for a key's count, just allow it. Still use a
> > > key though, ideally random per email sent out, something like:
> > >
> > > $key = substr(md5($user['User']['name'].$user['User']['email']), 0, 20);
> > >
> > > Only a really keen individual will bother trying to guess your hash
> > > key, so only valid urls will work.
> > >
> > > I don't see how you can stop people from passing the urls around
> > > though if they can be used more than once. You can spoof the referrer,
> > > so I really don't know how you could police it effectively.
> > >
> > > hth
> > >
> > > jon
> > >
> > > --
> > >
> > > jon bennett
> > > w:http://www.jben.net/
> > > iChat (AIM): jbendotnet Skype: jon-bennett
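
Added example, not part of the original thread or of CakePHP: one way to build the "random per email" key discussed above so that it cannot be recomputed from a recipient's name and address, using a per-email random nonce authenticated with an HMAC and checked in constant time. The secret value, the function names and the query parameter names (u, n, k) are assumptions made for this sketch. As the thread notes, a link that can be used more than once can still be forwarded; this only ensures that valid links are ones the site issued.

```php
<?php
// Hypothetical helper names; sample values are constructed for this example.

// Server-side secret (constructed value). Load it from configuration in practice.
const LINK_SECRET = 'constructed-example-secret-change-me';

/** Build the query string for the link mailed to one recipient. */
function makeLinkQuery(int $userId, ?string $nonce = null): string
{
    // Fresh 128-bit nonce for every email sent out.
    $nonce = $nonce ?? bin2hex(random_bytes(16));
    // The key depends on the secret, so knowing name/email/id is not enough.
    $mac = hash_hmac('sha256', $userId . '|' . $nonce, LINK_SECRET);
    return http_build_query(['u' => $userId, 'n' => $nonce, 'k' => $mac]);
}

/** Return the user id if the key validates, or null otherwise. */
function checkLinkQuery(string $query): ?int
{
    parse_str($query, $p);
    foreach (['u', 'n', 'k'] as $field) {
        // Reject missing fields and array-valued parameters such as k[]=...
        if (!isset($p[$field]) || !is_string($p[$field])) {
            return null;
        }
    }
    if (!ctype_digit($p['u']) || !ctype_xdigit($p['n'])) {
        return null;
    }
    $expected = hash_hmac('sha256', $p['u'] . '|' . $p['n'], LINK_SECRET);
    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $p['k']) ? (int) $p['u'] : null;
}

// Demonstration with constructed data.
$query = makeLinkQuery(42);
var_dump(checkLinkQuery($query));                               // link as issued
var_dump(checkLinkQuery(str_replace('u=42', 'u=43', $query)));  // user id altered
var_dump(checkLinkQuery('u=42&n=00ff&k=guess'));                // guessed key

// For contrast, the key from the thread is a pure function of data other
// people may know, so it can be computed without ever receiving the email:
$derivable = substr(md5('Alice' . 'alice@example.com'), 0, 20);
```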
