"Convenient" registration
I remember how I was pleasantly surprised by a very convenient authorization mechanism on one resource that is actively discussed today. Yes, register and automatically log in to the site by entering your login and email address right on the main page - this is a plague. The head is spinning from the webdvolnosti from the first seconds of stay on the site.
No captcha and registration confirmations, just fill two fields - and we can already vote for topics, add comments, send messages by internal mail to any other user ... Beauty. But is such a “quick registration” good in terms of security? Definitely not! Don't do that and it will be like this:
')
While writing the post, the hole was patched (the developers wrote about it). Already send a message before activation fails. Great. :)
Let me be forgiven by the person to whom I sent a test message, as well as those unfortunate, with strange, most likely non-existent, addresses of the type qweeqwqwewq@ukr.net, to whom letters may come to activate accounts.
No captcha and registration confirmations, just fill two fields - and we can already vote for topics, add comments, send messages by internal mail to any other user ... Beauty. But is such a “quick registration” good in terms of security? Definitely not! Don't do that and it will be like this:
')
While writing the post, the hole was patched (the developers wrote about it). Already send a message before activation fails. Great. :)
Let me be forgiven by the person to whom I sent a test message, as well as those unfortunate, with strange, most likely non-existent, addresses of the type qweeqwqwewq@ukr.net, to whom letters may come to activate accounts.
Source: https://habr.com/ru/post/29996/
All Articles