Hacker News new | past | comments | ask | show | jobs | submit login

Probably the best thing to do is set the access count limit to one. That way, no one else will be able to access it after the intended recipient does. And if a 3rd party accesses it before the intended recipient, then the intended recipient will not be able to access it and at least you'll have an indication that it was intercepted.



> Probably the best thing to do is set the access count limit to one.

You’d better use at least two. Nearly every email service in 2021 has anti-malware and anti-phishing which was inspects links as a security feature. This often breaks poorly designed “one time” links like password resets that incorrectly use non-idempotent GET requests.


Interesting, good point. Unfortunately that means that you can no longer be sure that it hasn't also been accessed by a malicious third party though.


Now you're in a trust relationship with receiving party's antispamware? Great




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: