Convenient registration

    I remember how I was pleasantly surprised by the very convenient authorization mechanism on one resource that is being actively discussed today. Yes, register and automatically enter the site by entering the login and email address directly on the main page - this is a freaky chip. Head spinning from web dvuhlennosti from the first seconds of being on the site.



    No captcha and registration confirmation, just fill out two fields - and we can already vote for topics, add comments, send messages via internal mail to any other user ... Beauty. But is such a “quick registration” good from a security point of view? Definitely not! Do not do this, or it will be like this:



    While writing a post, they patched a hole (wrote about this to the developers). Already send a message before activation fails. Great. :)

    Let me forgive me the person to whom I sent the test message, as well as those unfortunate, with strange, most likely nonexistent, addresses of the form qweeqwqwewq@ukr.net that may receive letters to activate accounts.

    Also popular now: