URL中的电子邮件地址 [英] Email addresses inside URL

问题描述

在URL中使用电子邮件地址是否安全? 我的意思是说一个Web应用程序有一个注册用户"Bob"，而Bob已通过使用他的电子邮件=> Bob@hisemail.com进行了注册.现在您有什么看法，应用程序是否可以安全地接受和处理//application.com/Bob@hisemail.com上的GET请求以及每个用户使用的相同类型的URL?

Is it safe to use e-mail addresses inside URLs? I mean lets say a web-application has a registered user "Bob" and Bob has been registered by using his email => Bob@hisemail.com. Now what's your opinion, is it safe for the application to accept and work with GET requests on //application.com/Bob@hisemail.com and the same kind of URLs for every user?

推荐答案

基本上，这取决于您是爱还是恨用户.当您执行建议时，这些URL会在网络上的HTML页面上传播.不必局限于您自己的网站，因为人们可能会链接到它.

Basically it depends on if you love or hate your users. When you do what you suggest, these URLs will spread on HTML pages on the web. Not necessarily confined to your own site, because people may link to it.

当页面获得足够的吸引力以变得重要时，垃圾邮件机器人的爬虫作者将注意到并向其爬虫添加规则，以从URL中提取电子邮件地址.甚至可能没有必要，因为有些笨拙的正则表达式可能已经找到了未经改编的电子邮件.

When your page gains enough traction to become important, crawler authors for spam bots will notice and add rules to their crawlers to extract the email address from URLs. It might even not be necessary, because some dumb regexes might already find the email without adaption.

然后，用委婉的说法，您的用户的电子邮件地址将进入垃圾邮件发送者的列表，并获得不需要的广告". (这些电子邮件列表也将具有很高的价值，因为它们被验证"为真实的现有列表.)

Then, your users' email addresses will land on spammers' lists and get "unwanted adverts", euphemistically speaking. (These email lists will be rather high-valued, too, because they are "verified" to be real, existing ones.)

您在这里所做的就是私下使用您的用户信任您的身份证明.除非您的用户告诉您，否则永远不要公开该消息！

What you're doing here is giving away a private bit of identification your users trusted you with. Never ever allow that to be in public, unless your users told you so!

从技术角度来看，您可以轻松解决问题.

From a technical perspective, you can just go for it.

这篇关于URL中的电子邮件地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！