0

A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this?

I can think of some straight away:

  • Search engines might index the information if the link ever appears anywhere on the web
  • It would be trivial to access the information by simply looking at someone's screen and remembering/taking a photo of the URI
  • Alike to the above, the data would also be very accessible from the user's browsing history
  • Depending on various factors, the URI might be brute-forced eventually

Are there any others?

user9123
  • 563
  • 3
  • 10
  • Does this answer your question? [Can I replace username and password with a long random text in URL?](https://security.stackexchange.com/questions/107156/), [Is a long, random string in a URL considered adequate protection from unauthorised access?](https://security.stackexchange.com/questions/83801), [Are random URLs a safe way to protect profile photos?](https://security.stackexchange.com/questions/58215/), [Can I replace username and password with a long random text in URL?](https://security.stackexchange.com/questions/107156/) and more like this. – Steffen Ullrich Feb 13 '21 at 19:19
  • @SteffenUllrich yes it does. Thank you! I searched SE before asking but couldn't find these. – user9123 Feb 13 '21 at 20:10

0 Answers0