Home > other >  How do I make sure that links posted by the users of my website are safe and secure?
How do I make sure that links posted by the users of my website are safe and secure?

Time:11-06

I am developing a MERN app, where users share things with a link to access those things.

So these things get displayed to other users, and they can click on them, and they get redirected to that link.

This doesn't seem secure as some users can post things with malicious links.

Is there a way to verify that a link is secure and so validate the thing before it gets posted?

CodePudding user response:

This isn't possible in an automated way. Links don't include any information about themselves other than the URL they point to.

You need a list of "malicious" URLs to compare against in order to achieve this. There are services that provide such databases. But this is a never-ending game of cat-mouse.

For example, if I have a malicious website, I don't have to share the URL to my website directly, I can use URL shortener service (bitly for example) that then redirects users. This way, I easily circumvented your protection.

That's the reason browsers have their own "malicious websites" list, since they have access to the final URL you're visiting.

In short: no, there's only limited protection you can offer.

The best you can do is warn the users they're leaving your site, like Discord or Facebook do (and they do that because they can't solve this problem either).

  • Related