I am trying to create a folder structure like so:
- Uploaded files
  - a
  - b
  - c
  - …all the way to z
one level ABOVE the public web directory. The only unique key (besides the user_id itself) is the user email, since their email is their username, so…
Question: Would people be able to access these directories and get hold of all users' email addresses? How bad of an idea is this? What possible alternatives do you suggest?
Thanks.
Definitely make sure you use hashes instead of plain-text E-Mail addresses. That is a must.
Other than that, I guess this is as safe (and unsafe) as a solution can be that is based on security through obscurity (i.e. your security relies solely on the fact that nobody knows the URLs – but if they do, they can access them without limitation). There are many potential holes – a user could bookmark a URL; it could be embedded somewhere on a page; it can be stored in server, browser, and proxy logs…
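An added example (not part of the original question or answer) of naming each user's upload directory after a hash of the email instead of the address itself, and of handing out a file path only to the logged-in owner so that access does not depend on the path staying secret. It uses HMAC-SHA-256 with a server-side key, which goes beyond the answer's plain "hashes", and shards on the digest rather than on a to z. `UPLOAD_ROOT`, `DIR_KEY`, `user_dir` and `resolve_upload` are hypothetical names.

```python
import hashlib
import hmac
from pathlib import Path

# Assumptions (not from the original post): storage root, key and all names.
UPLOAD_ROOT = Path("/srv/app/uploaded_files")  # one level above the web root
DIR_KEY = b"constructed-demo-key"  # constructed sample; load from a secret store


def user_dir(email: str) -> Path:
    """Map an email to <root>/<shard>/<digest> without exposing the address."""
    normalized = email.strip().lower().encode("utf-8")
    # Keyed hash: without DIR_KEY, knowing an email does not reveal its folder.
    digest = hmac.new(DIR_KEY, normalized, hashlib.sha256).hexdigest()
    # Shard on the first hex character of the digest (0-9, a-f) instead of
    # the first letter of the email, so the shard leaks nothing either.
    return UPLOAD_ROOT / digest[0] / digest


def resolve_upload(session_email: str, owner_email: str, filename: str) -> Path:
    """Return the file path only if the logged-in user owns the directory
    and the requested name cannot escape it."""
    base = user_dir(owner_email)
    if not hmac.compare_digest(str(user_dir(session_email)), str(base)):
        raise PermissionError("not the owner of this upload directory")
    candidate = (base / filename).resolve()
    # Rejects "../" sequences, absolute paths and the empty name.
    if base.resolve() not in candidate.parents:
        raise ValueError("filename escapes the user's directory")
    return candidate
```

A download handler would call `resolve_upload` with the authenticated session's email and stream the returned file, so a bookmarked or logged URL is useless to anyone who is not logged in as the owner.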