Authorizing links work only once and are limited in time. Brute force won't succeed on tokens of this length, esp. as I set a limit for accessing them. An attacker with similar success could try to find the token of a valid cookie at any website. And why would you forward your authorizing link? It's like emailing your password to someone else.
Anything I missed?

On Mar 11, 7:28 am, Zaky Katalan-Ezra <[email protected]> wrote:
> You give access to whoever has the link from the email.
> If I forward this mail to someone else you still recognize him as me.
> If you use authorizing links like this
> http://WhenDidYouLast.com/OIHOIUE9009OI8KHHHEF/
> to identify your users it's possible to scan for URLs like this and probably
> find one that works.
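
The scheme described in the reply above (single-use, time-limited links with a cap on failed lookups), as an added example that is not part of the original post or the poster's code. The class name, the 15-minute lifetime, the limit of five failures per hour and the in-memory storage are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60        # assumed link lifetime, seconds
MAX_FAILURES = 5           # assumed failed lookups allowed per client
FAILURE_WINDOW = 60 * 60   # assumed window for counting failures, seconds


class LoginLinkStore:
    """In-memory stand-in for a tokens table (hypothetical name)."""

    def __init__(self):
        self._tokens = {}    # sha256(token) -> (user_id, expires_at)
        self._failures = {}  # client address -> timestamps of failed lookups

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._tokens[self._digest(token)] = (user_id, now + TOKEN_TTL)
        return token

    def _blocked(self, client, now):
        recent = [t for t in self._failures.get(client, [])
                  if now - t < FAILURE_WINDOW]
        self._failures[client] = recent
        return len(recent) >= MAX_FAILURES

    def redeem(self, token, client, now=None):
        """Return the user id for a valid link, or None. A link works once."""
        now = time.time() if now is None else now
        if self._blocked(client, now):
            return None
        # pop() deletes the record before it is used, so a replayed or
        # forwarded link fails after the first successful visit.
        record = self._tokens.pop(self._digest(token), None)
        if record is None or now > record[1]:
            self._failures[client].append(now)
            return None
        return record[0]
```

A forwarded link is still accepted if the recipient opens it before the intended user does; single use and expiry only narrow that window.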
