通过电子邮件URL安全登录
[英]Secure Login through Email URL
问题描述
I would like my users to be able to login instantly by following a URL in their email: 
我希望我的用户能够通过遵循其电子邮件中的URL立即登录:
Such as: 如:
Hello User, Click here to access your account: https://mysite.com/?user=12345&login=38904753290875 您好用户,单击此处访问您的帐户: https : //mysite.com/? user =12345&login=38904753290875
The user number would be fixed, but the login would NOT be a password, just a ONE TIME access token with a 24 hour expiration. 用户号将是固定的,但登录名将不是密码,而只是一个具有24小时有效期的一次性访问令牌。
Is this secure, or do I still need to ask them for their password when logging in? 这样安全吗?还是在登录时仍然需要询问他们的密码?
Note, when logged in, the user won't be able to change their password without giving their password. 请注意,登录后,如果不提供密码,用户将无法更改密码。
1 个解决方案
解决方案1
2 已采纳 2014-07-26 19:02:45
Is this secure, or do I still need to ask them for their password when logging in?
The security depends on your authentication design. 安全性取决于您的身份验证设计。 Good security, even a single sign-on, doesn't depend on a single action. 良好的安全性,即使是单点登录,也不必依赖于单个操作。
Things to consider: 注意事项:
transport of sensitive information (for example, even if the url is https, how sure are you about their email providers) - the impact of what these users could do in worst case scenario's - how to detect unauthorized actions, since the 'id' has 24 hour free play? 敏感信息的传输(例如,即使url为https,您如何确定其电子邮件提供商)-这些用户在最坏的情况下可能采取的措施的影响-由于“ id”具有24小时免费游戏?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.