题
I am designing a website for a client to sell their services. Basically my client simply wants customers to book slots in appointments diary via paypal and be able to manage their bookings. My strategy is simple registration using email address and generating a 10 digit random booking reference which I will use as a password so that the users find it convenient to use the site (get rid of registration and other stuff). My question is there any security issue if I display the password after a client has made a booking? or should I do it like 4chan i.e just enter email address and password yourself?
解决方案
Remember that everything you show or send to the user can be read by others. I wouldn't use your approach, but it depends on the purpose of the application and what a (malicious) user can do in your system (e.g. is it read only or can he make changes in bookings?).
In any case I would secure the website with an SSL certificate (which is probably enforced by law as well since you're dealing with personal data).
https://stackoverflow.com/questions/21172605
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian