Is there any issues with having one's email id in the URL for a web application?
a) Technically, is this an issue?
b) Or is it some kind of convention to NOT have the email id in the URL? And rather have something like /user/:id?
+1
A:
If it's being passed via clear text, it can be intercepted and harvested by spammers. It is good practice to encrypt it before passing, and decrypt it on the other end.
rockinthesixstring
2010-02-27 15:31:46
I agree with rockinthesixstring. message-ID's in clear-text URL could allow for someone to do email-spoofing
fergNab
2010-02-27 16:20:48
Thank you. That answers my question. So, essentially, it's not really a technical issue; more of a convention.Since the entire connection is over https, I don't think that address spoofing will be possible.
globetrotter
2010-02-28 05:01:57