它要求用户提供一个电子邮件地址有什么好处,只需要我们发送一封电子邮件来完成注册过程? 它当然不会防止(D)DoS攻击,我不明白它是如何增加安全性的。
What good does it do to require the user to provide an email address, just so we send him/her one email to complete the registration process? It certainly won't protect against (D)DoS attacks, and I don't see how it increases security.
最满意答案
我想到的第一件事是它可以让他们真正确认账户。 它是一个简单的事情,双重检查用户是否实际注册了帐户并且真正需要它。 (见情景)
情景A:
我讨厌乔治,所以我会为他签下所有这些网站。 这样他就从他们那里得到了他不想要的所有邮件。
情景B(夸大)
有人决定注册十亿个帐户。 没有确认你的网站现在有十亿个帐户永远不会被使用。 此外,如果这些是合法的电子邮件,那么合法用户无法注册。 (再次发生的可能性更小)
The first thing that comes to my mind is that it allows them to actually confirm the account. Its a simple thing that double checks that the user actually signed up for the account and actually wants it. (See Scenario)
Scenario A:
I hate George so I am going to sign him up for all of these websites. That way he gets all this mail from them that he does not want.
Scenario B(Exaggerated)
Someone decides to register a billion accounts. With no confirmation your site now has a billion accounts that are never going to be used. Also if these are legit emails then a legit user could not register with them. (Again much more unlikely to happen)
更多推荐
发布评论