December 2010
Intermediate to advanced
363 pages
12h 21m
English
book
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
by Chris Snyder, Michael Southwell, Thomas Myer
Content preview from Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second EditionBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Using a Working Email Address for Identity Verification
Many online applications demand possession of a valid email address as a condition of membership, imagining it to be a proof of identity. But it is trivially easy to make up a valid email address, and having a valid email address should never be confused with having a working email address. A user with an actual working email address is thought to be findable.
Even though the number of email addresses is infinite, the number of domain names is finite, and domains are registered to identifiable entities. The name and address of a mailbox provider, an Internet Service Provider (ISP), or an organization can be determined simply by looking at domain registration records. Since most ISPs are ...