On Wed, Sep 10, 2008, Dave Warren <[EMAIL PROTECTED]> wrote: > In message <[EMAIL PROTECTED]> > Simon Waters <[EMAIL PROTECTED]> wrote: > > >Why do transfer in emails to TUCOWS require the registrant to enter the > >domain > >name and a password from the email? > > > >Couldn't this simply be encoded in the URL in the email? > > > >It annoys me every single time I see one. > > It's a good theory, but in practice, links get hit automatically all the > time, especially with prefetchers and poorly thought out virus scanners > this can include form submissions. > > Requiring the user to enter information from the email reduces the odds > of a bot randomly hitting the right button and approving a transfer. > > Pre-filling the domain would be smart, but the confirmation code is a > reasonable defense.
Pre-filling the confirmation code is fine too (or hiding the confirmation code as well since it means nothing to the user). If anything automatically submits a POST request, it is by definition broken and nothing on the Internet will work for them. The point of a POST request is that is non-idempotent. JE _______________________________________________ domains-gen mailing list [email protected] http://discuss.tucows.com/mailman/listinfo/domains-gen
