On Thu, Aug 26, 2010 at 4:34 PM, Bill Moseley <mose...@hank.org> wrote: > > > On Thu, Aug 26, 2010 at 4:10 AM, David Schmidt <davew...@gmx.at> wrote: >> >> 1) user enters mailaddress and hits submit >> 2) you generate a digest >> 3) store digest + mailaddress in model > > I currently collect info and store and then also save the digest. After > seeing how much cruft get collected, I'd be tempted now to first send out > the "invitation" to their email which brings them back to a sign-up form. > The invite URL can contain their email, a timeout, and a digest so nothing > needs to be saved server side. > > -- > Bill Moseley > mose...@hank.org > > _______________________________________________ > List: Catalyst@lists.scsys.co.uk > Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst > Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ > Dev site: http://dev.catalyst.perl.org/ > >
The invite URL could contain a digest of the mailaddress, in the signup form the mailaddress is checked against the digest and could be verified that way. if the digest is generated with a private key it'll be difficult to forge it. _______________________________________________ List: Catalyst@lists.scsys.co.uk Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst Searchable archive: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/ Dev site: http://dev.catalyst.perl.org/
