Ask HN: Endpoint Security Question

2 points

6 years ago

Random question that perhaps someone could shed some light on.

My buddy and I are having an argument regarding one of our pages. The page is for unsubscribing from emails. Simple enough, the endpoint looks like this:

Blah blah.com/[email protected]

This takes them to a page saying. “Thanks, John for visiting your email preferences page”.

From there they manage their email preferences.

I told him that this is a super insecure design, and theoretically someone could brute force usernames and emails from this.

Am I overreacting? What am I missing here?

2 comments