clients editing information w/o authentication--advice needed

From: Bosconian (bosconian_at_planetx.com)
Date: 10/30/04 

Date: Sat, 30 Oct 2004 04:19:07 GMT

I have a client that provides a list of companies on their web site (powered
by PHP/MySQL.) These companies advertise their services to visitors. The
company information has been maintained exclusively by the client, but now
they would like to provide a way for the companies to update their own
information.

Can someone suggest a reasonable secure method to allow the companies to
edit their own information without a login and authentication procedure? One
idea is to provide each customer an URL which includes an encrypted token.
The token could be generated using a unique piece of data like an email
address or telephone number. It could be decrypted serverside and validated.
I've done something similar for other clients on a tight budget and it
worked well, but am wondering if there's a better approach without adding
full-fledge authentication.

All comments/suggestions are appreciated.