Security implications of protecting private data with a long URI exclusively

Asked Feb 13 '21 at 18:30

Active Feb 13 '21 at 18:30

Viewed 19 times

A website hosts private/personal information at a very long and unpredictable URI, yet access to this URI is completely unauthenticated. Are there any major security issues with this?

I can think of some straight away:

Search engines might index the information if the link ever appears anywhere on the web
It would be trivial to access the information by simply looking at someone's screen and remembering/taking a photo of the URI
Alike to the above, the data would also be very accessible from the user's browsing history
Depending on various factors, the URI might be brute-forced eventually

Are there any others?

asked Feb 13 '21 at 18:30

user9123

Does this answer your question? Can I replace username and password with a long random text in URL?, Is a long, random string in a URL considered adequate protection from unauthorised access?, Are random URLs a safe way to protect profile photos?, Can I replace username and password with a long random text in URL? and more like this. – Steffen Ullrich Feb 13 '21 at 19:19
@SteffenUllrich yes it does. Thank you! I searched SE before asking but couldn't find these. – user9123 Feb 13 '21 at 20:10

Security implications of protecting private data with a long URI exclusively

0 Answers0