
User Authentication System Guidelines

Posted: Wed Sep 14, 2005 8:10 pm
by spartan7
Hi there.

I have been asked by a client to develop a user authentication system, where a user can log in and edit their details and submit it. However, he wants the users of the system to be able to log in to the site from a URL he emails them and not have to go through the process of entering a login and password at all. But it still must be secure.

Is there any way of securely sending the username/password in the URL in order to access the admin section, or a concept of doing something similar?

Thanks

Posted: Wed Sep 14, 2005 8:43 pm
by josh
Instead of sending the actual username and admin in the email, send a token.

What do you mean by token?

Posted: Wed Sep 14, 2005 10:12 pm
by spartan7
Thanks

Posted: Thu Sep 15, 2005 10:44 am
by pickle
There's no way to guarantee that the URL can't be sent by a third party. Tell your client he's out to lunch. You can make that token as complex as possible, but Joe Script Kiddie will still be able to copy and paste it into his browser.
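
The token approach suggested in the thread, as an added example that is not part of any post: the emailed URL carries a random single-use token instead of credentials, and the server keeps only the token's hash with an expiry time. The class and function names, the 15-minute lifetime and the in-memory store are assumptions for illustration; as noted in the thread, anyone who holds the URL before it is redeemed can still use it, which is why the token is short-lived and works only once.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; shorter limits exposure of a leaked link


class LoginLinkStore:
    """In-memory stand-in (hypothetical) for a database table of pending login tokens."""

    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be tested
        self._pending = {}   # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Store only a hash, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a token for user_id and return it for embedding in the email URL."""
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        expires_at = self._now() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user id once; None if unknown, expired or already used."""
        # pop() removes the record on first use, so a copied link cannot be replayed.
        record = self._pending.pop(self._digest(token), None)
        if record is None:
            return None
        user_id, expires_at = record
        if self._now() > expires_at:
            return None
        return user_id


def build_link(base_url, token):
    """The URL carries only the token, never a username or password."""
    return f"{base_url}?t={token}"
```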