Thanks for your comment. I would like to eplain more my situation. Assump that you have 2 users Officer and Approver. The Officer create a report and send it to Approver to be accepted or denied.
The Approver receives an URL which meantioned within the email. He click the link: 1/ He can login the system without username & password 2/ Redirect to the report detail I know that the apperance of this link is high risk and have warned the Approver about ".. please keep the link in secure..". Moreover, I have added a lifetime to reduce the risk (because when the report is approved, the link is invalid, it looks like the URL used to activate the user after registration). Please tell me what is the best solution for this? On May 7, 4:14 am, Elte Hupkes <ell...@gmail.com> wrote: > Yes, URLs are encrypted over SSL (incidentally the reason you used to > be unable to host multiple domains under the same certificate - the > server couldn't make out which domain to serve). However, I would > consider sending private data in a URL a bad idea regardless of > whether it's encrypted or not; it shows up in browser history for > example, and you really want to avoid that. > > On May 6, 8:15 pm, datgs <giangson...@gmail.com> wrote: > > > > > > > > > I have an URL under HTTPS. > > >https://domain.com/privatekey/550e8400-e29b-41d4-a716-446655440000 > > > Is the request path (privatekey/550e8400-e29b-41d4-a716-446655440000) > > encrypted like POST or GET params? -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
