0
Email-confirm-url
I have created an url: path(r'myurl/<str:userid>/<str:username>>', views.MyView.my_def, name = 'myname') The client receives an email with this link, to confirm his email-address. Now I'm wondering, if it makes sense - from a security-perspective - to put some kind of identifier in the code. Some kind of token, or the users session-id. Otherwise I think s.o. could guess the next id and then confirm an email-adress, he has actually no access to. Does that make sense? Best practices?
3 Antworten
+ 2
Why don't you try the user management from django.
+ 2
You can follow this tutorial
https://medium.com/@frfahim/django-registration-with-confirmation-email-bb5da011e4ef
+ 1
Reinventing the wheel :)
Thank you for your input! I'll try this next time!