
I have a new website. Here is my scenario:

I will send an email to 5 people (the number doesn't matter), and in the email I will include a link for them to click:

www.domain.com/email=abc@xyz.com&key=abc...xyz

Their keys are randomly generated in PHP using a salt and sha1. After they click the link in their email, can I send them straight to the update-profile page, or do I need to make them log in again?

If I send them straight to the update-profile page, what security matters do I need to watch out for? I know about using a login, where a session can be stored, but the thing is, they click the link in their email, which I consider very private and secure.

The only security hole I can think of is: a hacker could magically memorize the "key" (around 60++ characters) and then type the URL into a browser: www.domain.com/email=abc@xyz.com&key=abc...xyz.

If a hacker can do that, then I'm done for. My users' accounts will be hacked.

Is there anything else a hacker could break? It's only the update-profile page.

By the way, once they have updated their profile, should I delete the "key" from the database?

I'm using PHP and MySQL.


3 Answers


Password reset emails should be one-time use - store an opaque token in your database, send it in the email, and allow it to be used only once.

Answered 2009-08-14T07:35:39.570

I agree with Paul, but for profile updates I would suggest doing them after login. When a customer resets their password you can also display and record the customer's IP address.

Answered 2009-08-14T07:43:21.317

Typical practice is to require a user to change their password when they are sent a 'Forgot Password' email, and then make them log in before they can change anything.

A recent implementation of a password email that I created worked as follows:

  • Create an array containing the id of the user, and the current timestamp.
  • Serialize and then encrypt the resulting string (using a symmetric key, which is stored on your server).
  • Put that encrypted string in a url parameter (my advice is to base64_encode the data twice in order to ensure you don't get bad characters in the url), and then send it to them in an email.
  • When someone clicks on the link in their email, first check that the parameter decrypts properly (meaning it's valid), and then deserialize the data structure. You now check that original timestamp. If too much time has passed since that point, reject the forgotten password url as too old.
  • If the url is valid, and recent enough, take them to a 'reset password' page.

Answered 2009-08-14T07:47:06.600
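A working PHP version of Paul's one-time opaque token combined with the expiry check from the answer above, as an added example rather than code from the question or any answer. It assumes PHP 7.1+ with PDO and a `reset_tokens` table (user_id, token_hash, expires_at, used) that the demo creates in an in-memory SQLite database; only the hash of the token is stored, so a leaked database does not hand out usable links, and the link carries no email address.

```php
<?php
// Added example, not code from the question or any answer.
// Assumptions: PHP >= 7.1 with PDO; a reset_tokens table as created in demo().
const RESET_TOKEN_TTL = 3600; // lifetime in seconds (assumed value)

function issueResetToken(PDO $db, int $userId): string {
    $raw = bin2hex(random_bytes(32));           // 64 hex chars from the CSPRNG
    $stmt = $db->prepare('INSERT INTO reset_tokens (user_id, token_hash, expires_at, used)
                          VALUES (?, ?, ?, 0)');
    $stmt->execute([$userId, hash('sha256', $raw), time() + RESET_TOKEN_TTL]);
    return $raw;                                // this value goes into the e-mail link only
}

// Returns the user id, or null if the token is malformed, unknown, expired or already
// consumed. The UPDATE checks and flips the used flag in one statement, so two
// concurrent clicks on the same link cannot both succeed.
function redeemResetToken(PDO $db, string $raw): ?int {
    if (!preg_match('/^[0-9a-f]{64}$/', $raw)) {
        return null;                            // reject malformed input before touching the DB
    }
    $hash = hash('sha256', $raw);
    $stmt = $db->prepare('UPDATE reset_tokens SET used = 1
                          WHERE token_hash = ? AND used = 0 AND expires_at > ?');
    $stmt->execute([$hash, time()]);
    if ($stmt->rowCount() !== 1) {
        return null;
    }
    $sel = $db->prepare('SELECT user_id FROM reset_tokens WHERE token_hash = ?');
    $sel->execute([$hash]);
    return (int) $sel->fetchColumn();
}

// The link carries only the token; the user (and their e-mail) is looked up server-side.
function buildResetLink(string $base, string $raw): string {
    return $base . '/reset?' . http_build_query(['key' => $raw]);
}

// Offline demo against an in-memory SQLite database (constructed data).
function demo(): void {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE reset_tokens (user_id INTEGER, token_hash TEXT UNIQUE, expires_at INTEGER, used INTEGER)');
    $raw = issueResetToken($db, 42);
    echo buildResetLink('https://www.example.com', $raw), "\n";
    var_dump(redeemResetToken($db, $raw));      // first click redeems the token
    var_dump(redeemResetToken($db, $raw));      // second click must be rejected: token consumed
}
demo();
```

After a successful redemption the user should be placed into a normal authenticated session (or asked to log in, as the other answers suggest) before any profile change is accepted; the token itself is never reused.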