Security Risks: automatic login via GET params
I'm building a site wherein users can create accounts and message each other using the site's messaging system (a basic emailing system). If User-A receives a message from another User-B, I want to automatically notify User-A via his/her email address on file. Furthermore, I'd like to save User-A from having to enter his/her login credentials to the website in order to access this message.
Is it a bad idea to email User-A a special link that automatically logs him/her on the website? For example: "Please click on www.domain.com/?message_id=1&hash=abc123" (I can use the hash value to automatically log User-A into his/her account and view the specific message).
The email will already contain the message that User-B sent. User-A will have to go to the site in order to reply.
I guess my assumption is that this link would be safe since it will be emailed directly to User-A, who should have his/her email secured. Furthermore, I could make the hash only work for a certain period of time or after the first click, etc.
Normal practice for this sort of thing is to have a one-time authorization page that a user is taken to the first time they click on one of these links. This authorization page requires the user to enter their full credentials (user name, password, etc), and asks them if they're connecting from a trusted/permanent computer. If they answer yes, then it stores a cookie in their browser to let your app know upon future visits that the browser has already been verified as belonging to that user.
Internally, you need to store that cookie's ID and the user's ID, so that you can verify on return visits that the cookie matches the user.
You may also wish to throw in one additional back-and-forth, by having the registration process send another email to the user's registered email address, with a magic token that has to be used to register their browser. This prevents a third party from stealing their email and guessing their password. Of course it doesn't protect against an attacker who has live access to their mailbox.
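The following is an added example, not code from the question's author or the answerer, showing how the link token the question proposes and the trusted-browser record the answer describes can be implemented so that a leaked or forwarded email gives an attacker as little as possible. The store, function names and the Python stand-in for the database are hypothetical; the password check on the one-time authorization page is assumed to happen before `register_browser` is called. Only digests of the token and cookie are stored, tokens expire and are burned on first use, and the browser cookie is tied to a specific user ID rather than trusted on its own.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field


def _digest(secret: str) -> str:
    """Keep only a hash server-side so a database leak does not yield usable links or cookies."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


@dataclass
class TokenStore:
    """In-memory stand-in (hypothetical) for the two tables the answer implies."""
    email_tokens: dict = field(default_factory=dict)      # digest -> token record
    trusted_browsers: dict = field(default_factory=dict)  # digest -> user_id


def issue_email_token(store, user_id, message_id, ttl_seconds=3600, now=None):
    """Mint a single-use, time-limited token for the notification email.

    Returns the raw token to embed in the URL; only its digest is stored.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits of randomness: not guessable, not enumerable
    store.email_tokens[_digest(token)] = {
        "user_id": user_id,
        "message_id": message_id,
        "expires_at": now + ttl_seconds,
        "used": False,
    }
    return token


def redeem_email_token(store, token, now=None):
    """Validate a token taken from the link. Returns (user_id, message_id) or None.

    Fails closed on unknown, expired or already-used tokens, and burns the token
    on its first successful use so a replayed or forwarded email is worthless.
    """
    now = time.time() if now is None else now
    record = store.email_tokens.get(_digest(token))
    if record is None or record["used"] or now >= record["expires_at"]:
        return None
    record["used"] = True
    return record["user_id"], record["message_id"]


def register_browser(store, user_id):
    """Called after the user re-enters full credentials on the one-time authorization
    page and opts in: mint a random cookie value and remember which user owns it."""
    cookie = secrets.token_urlsafe(32)
    store.trusted_browsers[_digest(cookie)] = user_id
    return cookie


def browser_is_trusted(store, cookie, user_id):
    """Return-visit check: the cookie must exist AND belong to the user the link names."""
    return store.trusted_browsers.get(_digest(cookie)) == user_id


def build_link(token, message_id, base="https://www.domain.com/"):
    """Assemble the URL placed in the email (domain is the one from the question)."""
    return f"{base}?message_id={message_id}&token={token}"


if __name__ == "__main__":
    store = TokenStore()
    tok = issue_email_token(store, "user-a", 1, ttl_seconds=600)
    print("email link:", build_link(tok, 1))
    print("first click :", redeem_email_token(store, tok))   # ('user-a', 1)
    print("second click:", redeem_email_token(store, tok))   # None, single use
    cookie = register_browser(store, "user-a")
    print("cookie matches user-a:", browser_is_trusted(store, cookie, "user-a"))
    print("cookie matches user-b:", browser_is_trusted(store, cookie, "user-b"))
```

The token only identifies which user and message the link is about; it should grant at most the view the email already contained, with reply or any other action still gated on the full-credential page or on a trusted-browser cookie registered for that same user ID. Note also that a redeemed token and an expired one look identical to the caller, so a second click on a forwarded email simply lands on the normal login page.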