Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Say my application has users, and each user is uniquely identified by their email address. In that case, it makes sense to use the natural key of email rather than using an auto incrementing ID as the primary key, which is common in most systems.
Then, in my REST API, would it be okay to access a particular user like this?
https://api.whatever.com/v1/users/john#smith.com
Traditionally, you'd use the user ID in place of john#smith.com, but in my application the email address is the unique identifier for user accounts.
What would you pick? Using email as a natural key in REST URLs or create a user ID field to use instead?
I would use a user id. A person and their email address don't have a 1 to 1 relationship and they don't have the same life cycle, so using one as the identifier for the other is a bad idea.
People may have more than one email. Maybe they don't have an email account (it happens). Maybe they change their email. If you use the email address as the key, you might run into problems later on.
Should be url encoded
https://api.whatever.com/v1/users/john%40smith%2Ecom
Else fetching by id could by faster than by mail, and maybe you want to open the API to another application person, that should get the knowledge of the E-Mail address
Related
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 4 years ago.
Improve this question
I am new to Firebase, I am using Swift 4, There are lots of examples to do basic user authentication but I would like to know how I can create users as either admin or with basic access level and I would like to be able to determine when the user is logged in if he is admin or just a basic user?
Any concrete example on github based on KSigWyatt's answer below would be really appreciated.
Thank you
I would recommend that you use Firebase Database and save an attribute (something like isAdmin as a bool flag) for the user permissions.
There's no way to save application specific user attributes within Authentication. The only data that Auth stores are things like email address', social accounts, passwords of the user accounts.
First
Try something like this for your database:
Database/
Users/
UID/ -- Each of these are Unique
id: -Lrye7w8qtrewfr
isAdmin: true
...
...
...
Afterward...
Using ref.observeSingleEvent() once the user is logged in will return the snapshot for the child Document/Table "User" and the second child of the user's UID via Auth.auth().currentUser.uid
Capture the return using the same key as the attribute in the database. ["isAdmin"]
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am creating a facebook login functionality for my website.
When user login through facebook , then I want to fetch emailId ( which can come with public profile ).
Is it possible ( in any case ) that when I fetch public profile then it does not contain users email Id ?
Thanks
Amit Aggarwal
There are very less chances that you'll get email without asking for its permission as a public info.
You gotta ask for permission email to get one. But still there could be chances (3-4 in 100) that you'll not get email even when user gave you the permission and you can do nothing about that. You can check out this discussion for the reasons: Register with Facebook sometimes doesn't provide email
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
This is a problem because when I do email campaign, There is a link on the email, that link to my company homepage, I would like to differentiate between the visitor come from another way (e.g. search on google) or the visitor come from the email I have sent.
Notice that they should come form a email instead of a website,
Is it able to check such kind of information ? And is it possible to differentiate between campaign 1 and campagin 2 with same link? Thankyou
You cannot differentiate between an email vs web campaign link unless that link is tagged for campaign tracking. Campaign link tracking requires that you append additional data to the query params of a link according to specific conventions required by GA in order to differentiate between different campaigns.
Other wise, Google Analytics would not be able to differentiate between the same links from email vs banner links on a very granular level.
http://support.google.com/googleanalytics/bin/answer.py?hl=en&answer=55540
Google Analytics is the easiest way to do this. get an account, copy and paste the code they give you and they keep track of all of this for you in the traffic sources tab under the referrals traffic and even give you the exact url of the site your visitors are coming from. including emails and yes I believe you can differentiate between campaigns.
here is the url
http://www.google.com/analytics/
Google Analytic is perfect, just what you need.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 2 years ago.
Improve this question
Is it simply an artifact of the old fear (still around in some places) of cookies?
I also would like to know if it is bad practice to simply pass in user names from an outbound email.
Nothing is stopping the web app from always remembering the user for as long as they want on particular computer without asking explicit permission from the user. However, doing so has security and privacy implications on shared computers.
Imagine you go to a cyber-cafe or a library, sit on a shared computer and login to your bank website (which you shouldn't do from such places anyway :-)). The bank website tries to be "smart" and persists a cookie with a ticket based on your credentials. When you're done, you close the browser without logging off. Next person sits down, opens the browser, looks at the history and goes to the bank site. And now they have magically access to all your money.
That would probably be the last time you use that bank for anything.
Update: To answer the second part of the question (and the comment below)
If you are afraid of URL injection, you should probably not specify the username in the email URL itself. Instead, generate a one-time token (you could use a one-way hash of the user name and a website secret for example), which wouldn't mean anything to an external site, but would allow you to extract the user identity and prepopulate the field on the page.
Keep in mind that you should not include in the URL in the email enough information, so that clicking on that link would authenticate the user to your site. You still want the user to prove their identity.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 13 years ago.
Improve this question
I know many folks try to find emails form blogs but, I'd like to do the opposite.
For example, if I have someone's gmail email address, could I find out if they have a blogger account? a word press account?
No, and maybe.
While Blogger makes it possible to go from a profile page to an email address (example 1, example 2), there's no public index of those pages.
Wordpress.com doesn't have those type of standardized profile pages, so your chances of getting something there are zero.
If you have Yahoo IDs, you may be able to look up users' Yahoo profiles, which can either reference websites the user's associated with (example 1, example 2), or contain a Yahoo blog (example).
Get name portion of email address (everything before #), say "foobar"
Create URL "http://foobar.wordpress.com" and execute it with you preferred server technology (say HttpClient in Java)
Check response code - for the existing site it will be 200, for non-existing it will be 302 (redirect) and you can also check that you are not redirected to en.wordpress.com
You can do similar things with other type of sites that support naming conventions of user.site.com or www.site.com/user.
Of course there's no guarantee that based on the name that blog will belong to the same person, and there's plenty of blogs that have custom URLs all together
Alternatively use Google and parse results
Thats doubtful. You might be able to crawl those sites and see if you can find a matching email address inside the blog. Services don't generally allow anonymous lookups of their users info, for obvious reasons.