undefined | Better HN

0 pointskornnflake13y ago0 comments

That's not your mailaddress in the URL. It's like a password to access the inbox later :)

0 comments

Hmm... But why should the 'password' URL be so similar to the mail address. Doesn't this mean that if I know your mail address, I can fairly easily guess the secret URL to let me see that inbox?

(Granted that in the most common use case, if I know the email address, I probably know what's in the inbox, since I am likely the person who sent the message. But still, why not make these 2 different random strings?)

A couple more examples: 1QjYwHNM vs 1QjYwHOc 1Qk07A9x vs 1Qk07A9X

nwh13y ago

Yeah, the developer is going to want to fix that quick smart. At a complete guess they are two strings being generated in quick succession from the same seed, and they both happen to be very close. End result is that I can guess your email.

Sami_Lehtinen13y ago

Also email addresses are in really tight set and easily guessable. So that system should be fixed in general. Not just for address / password issue. But also getting proper address distribution.

1 more reply

aaronpk13y ago

Cool, thanks.

j / k navigate · click thread line to collapse