[SOLVED] secure way to approve something via email

[dadamssg]

I've written a script that sends me an e-mail that notifies me someone has posted an event to my calendar. I want in that email a link for me to approve the event and a link to delete the event depending what i decide after i read the description i've included in the email(mysite.com/approve.php?id=235 and mysite.com/deny.php?id=235). I want to be able to click those links and do those actions from my blackberry. Is there a secure way to set this up? I can't think of a way for me to do this besides setting the approve and denial scripts to reallllllly obscure urls so there wouldn't be a way for anybody to guess the urls and perform those actions. But that isn't secure at ALL. Thanks for any and all suggestions!

[dadamssg]

???

[haku]

That's exactly how you do it - you set the URL with a random code attached to the end.

 

For example:

 

www.example.com/delete.php?key=ads891ad23ewq489dsa

 

But by very virtue of the fact that you are sending this by email, it's not the most secure system. But, unless you are a bank or something, you probably don't have anything to worry about.

[dadamssg]

alright, thanks for your response, i guess i could set two variables in the url, one a random hash attached to that event that gets stored in the db with the event and the other the event id number. then i would have those numbers set to a link like...delete.php?id=234&key=daglkj235235j23lj that would be included in my email. That way they would have to know the event id and then somehow guess the hash.