Hacker News new | past | comments | ask | show | jobs | submit login

I believe it is generally considered unwise to attach your authentication token to the URL, as it's highly likely to end up in a bunch of access logs.



If the token is only good for one use or for a short period of time (minutes not hours) it's probably fine. I've used them in URL's for invite links. One time use that expire after a short amount of time. Probably not perfect for high security applications like banks or health care but for most applications it's fine.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: