Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
L
L
Lu_den2015-02-22 21:17:49
In contact with
Lu_den, 2015-02-22 21:17:49

Instead of full registration - only authorization through VK. Safely?

I'm doing a project completely focused on VK. Accordingly, I think to implement only standard authorization using VK. On the other hand, this is a paid service, so security is important. Therefore, I want to additionally attach an e-mail address for each user and verify it.
As a result, a person will simply click "Login via VKontakte"; mail will remain for emergency cases - for example, a ban or account hacking. The login password will not be used. Why is this option bad? What can be pitfalls?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

6 answer(s)
Report
S
Sergey, 2015-02-22
@edinorog

depending on what. if from stealing a million dollars from a credit card account on a service or stealing state secrets on a resource .. then it will not save. it's too easy lately to get confirmation via sms on your left cell phone... and from stealing nude pics from a hidden album if you're a movie star with a lot of fans. for the rest you become Elusive Joe =).

Report
A
Andrey Myvrenik, 2015-02-22
@gim0


Why is this option bad?
The user may not have a VK account for various reasons, or may not want to link their profile to a third-party service for privacy reasons. And of course, dependence on VK - problems on their side mean problems on yours.

Report
E
elCreator, 2015-02-22
@elCreator

If a user is banned from VKontakte (which happens often), he will no longer be able to enter you, and he will not be able to restore his data from you either.

Report
V
Vyacheslav Barsukov, 2015-02-23
@slavabars

There is nothing wrong with this authorization. Only after confirming the email make it possible to enter it.

Report
S
Saboteur, 2015-02-23
@saboteur_kiev

For your case, almost everything is suitable.
But you need to remember that a VK account can also be stolen and hacked and complained to block the page (in our project there was decent online, sometimes in clan wars the pages of individual players were specially blocked before the attack)
It would be nice if the player could enter your project if he is suddenly blocked by VK, but it's up to you.

Report
R
Renat Bugrov, 2015-02-23
@renat79

of course safe. Well, you log in through FSB)
but seriously - you can really narrow the audience if you leave only the log through VK

Similar questions
N
Noxvil2015-04-30 15:20:42
How to get a 3d model in a certain format? 4Reply
K
kolomiec_artiom2020-07-06 11:37:00
How to load default profile in Selenium Chrome? 1Reply
A
Ambrel2018-07-11 17:43:11
Question about VK message? 1Reply
U
Uniq2016-02-24 13:08:03
Sending a VKontakte message curl how to deal with captcha? 5Reply
P
Pruved2021-10-07 07:06:11
VKontakte session after account unfreeze. Session control eternal? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question