How do these work?
For example, a confirmation url might “https://twitter.com/confirm_email/myusername/93838282292838”
What is that last section of the url and is anything stopping someone from just sneezing on their keyboard and typing it out and confirming someone else’s email address?
I assume the end is a hashed ID or something. Chances of guessing it along with the username is one in a million. But I’m just really curious :)
Chances of guessing are more like 1 / 100.000.000.000.000, if it’s always 14 digits. Might be some kind of hash, might be random, but the chance of your cat walking over the keyboard confirming some one else’s email address is nil.
You must be logged in to reply to this topic.