
php – Is using a UUID in a newsletter unsubscribe link, secure enough?

I’m working on a PHP newsletter script. I’ve got a MySQL table of subscribers where each user has a UUID assigned and wondered if using it in the unsubscribe link would be secure enough.

I build it by replacing the href attribute together with the query and the UUID that matches the user’s email:

// Get UUID based on submitted email

$link = "href='https://example.com/unsubscribe.php?id=$uuid'>unsubscribe</a>";

$html_message = file_get_contents('welcome_template.html');
$html_message = str_replace('href="">unsubscribe</a>', $link, $html_message);

// Headers and stuff

mail($email, $respond_subject, $html_message, $headers, '-fhello@example.com');

By secure enough I mean if it is considered a bad practice and if it’s easy to predict the UUID after some queries.
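On the predictability point, an added example that is not part of the original question: whether a UUID can be guessed depends on its version (version 1, which MySQL's `UUID()` function produces, is built from a timestamp and node id, while version 4 is random), and signing the link with an HMAC means knowing an id alone is not enough to unsubscribe someone. The function names, the `sig` parameter and the secret are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code; all names here are hypothetical.

// Return the RFC 4122 version digit of a UUID string, or null if malformed.
// 1 = timestamp + node id (neighbouring values are guessable), 4 = random.
function uuid_version(string $uuid): ?int
{
    $re = '/^[0-9a-f]{8}-[0-9a-f]{4}-([0-9a-f])[0-9a-f]{3}-[0-9a-f]{4}-[0-9a-f]{12}$/i';
    return preg_match($re, $uuid, $m) ? (int) hexdec($m[1]) : null;
}

// Build the link with an HMAC over the id, keyed by a server-side secret.
function unsubscribe_url(string $uuid, string $secret): string
{
    $sig = hash_hmac('sha256', $uuid, $secret);
    return 'https://example.com/unsubscribe.php?'
        . http_build_query(['id' => $uuid, 'sig' => $sig]);
}

// Check to run in unsubscribe.php before touching the database.
function unsubscribe_request_is_valid(array $query, string $secret): bool
{
    $id  = $query['id']  ?? '';
    $sig = $query['sig'] ?? '';
    if (!is_string($id) || !is_string($sig) || uuid_version($id) === null) {
        return false;
    }
    // hash_equals compares in constant time.
    return hash_equals(hash_hmac('sha256', $id, $secret), $sig);
}

// Constructed sample values (the secret is a placeholder).
$secret = 'replace-with-a-long-random-server-side-key';
$v1 = '6ccd780c-baba-1026-9564-5b8c656024db'; // version 1 layout
$v4 = 'f47ac10b-58cc-4372-a567-0e02b2c3d479'; // version 4 layout

var_dump(uuid_version($v1), uuid_version($v4));

// A link as mailed, then the same query with the id swapped for another UUID.
$url = unsubscribe_url($v4, $secret);
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump(unsubscribe_request_is_valid($query, $secret));

$query['id'] = $v1; // signature no longer matches this id
var_dump(unsubscribe_request_is_valid($query, $secret));
```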
