Gone In Six Characters: Short URLs Considered Harmful for Cloud Services (Freedom to Tinker)

Posted Apr 15, 2016 11:10 UTC (Fri) by alonz (subscriber, #815)
In reply to: Gone In Six Characters: Short URLs Considered Harmful for Cloud Services (Freedom to Tinker) by epa
Parent article: Gone In Six Characters: Short URLs Considered Harmful for Cloud Services (Freedom to Tinker)

It actually is quite common to have a URI act as a password: just look e.g. at the URIs for Google photos.

And there is good reason for this practice—it enables the photo owner to share it with friends without them having to sign in. So sure, it's limited (if the URI leaks, it's usable by anyone) but it is a valid trade-off.