|
|
|
|
|
|
by raxxorraxor
1361 days ago
|
|
|
Not a lawyer but I would think since it is still a protected resource, the legal protections should apply too. I get that it looks insecure, but it is extremely unlikely to hit the correct value. Here some more info: https://en.wikipedia.org/w/index.php?title=Universally_uniqu... This is for a 128(122) bit UUID, some capability URL use other and longer values. Depends on the implementation details and if someone catches your mail, the URL is exposed. There are some security concerns because URLs are usually not treated as a secret and are saved by your browser for example where it could by exposed to other parties. But overall the mechanism is still a valid way to provide access to restricted resources without the user needing an account or login. This can happen for business because people generally don't want to register for every service. You could use a third party authentication provider, but can come with its own problems. |
|
|