Need a little thinking help

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.


AGISB
Forum Contributor
Posts: 422
Joined: Fri Jul 09, 2004 1:23 am


Post by AGISB »

I probably have thought a little bit too long about this issue and I might need a new idea here.

Here is what I got:

I programmed a website database-driven news system. All correspondence is done by the system and not by email. Outside emails are filtered and also written into the system. Outbound emails can only be sent by employees, not by users.

The messages are stored with an autoincrement message-id. If a user logs in, the mails belonging to his username are read and he can access, save, or print them. The messages are displayed via GET, as I don't like to place forms all over the place. As I am kind of security paranoid, I am kind of in a thinking loop now.

1. To prevent other users from accessing mail by simply changing the id in the URL, the username is always compared and the request is denied for anyone but the legitimate user.
2. To simply discourage users from even trying other numbers, I added a short hash to the URL as well. (kind of useless, I know)

So at this point the URL looks something like: messageid=567&hash=a3b7a780

Now I have 2 issues. If a user saves a message, it gets a filename like message-567.txt, and in the URL a user can also see the message number.

The problem is that another competing company could judge the amount of traffic and revenue by counting how many messages are written into the system in a day, week, month, etc.


Now my thoughts to solve this aren't satisfying for me yet.

1. disguise the number in the URL by making it part of the hash. (obscurity is bad security)
2. encrypt the number (possible problems with spaces in a URL)
3. use a user_message_id to display the messages. (problem see below)

The problem with 3 is that I need to take care of 2 user_message_ids, which cannot be autoincrement: 1 for the sender and another for the receiver, as they both would require that ID. This might lead to duplicate entries, as 2 messages could interfere with each other.

I am not quite sure which way to go, and maybe someone has another idea that would help me think this through.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

Just use auto increment; you can deny un-authed users by doing an if statement to see if the ID they are requesting belongs to them.

If you want to disguise the number of emails that have been sent, just start counting at 235235 or something.
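The ownership check from point 1 of the question (josh's "if statement"), together with a keyed replacement for the short hash from point 2, as an added PHP example. This is not code from the thread. It assumes a messages table with columns id, sender, recipient, subject and body; a server-side secret loaded from configuration (SECRET below is a placeholder); and a logged-in username taken from the session. An in-memory SQLite database with constructed rows is used only so the example runs on its own.

```php
<?php
// Added example, not code from the thread. Assumptions: a messages table with
// columns id, sender, recipient, subject, body; a server-side secret loaded from
// configuration (SECRET below is a placeholder); the logged-in username comes
// from the session. SQLite in memory is used only so the example runs on its own.

declare(strict_types=1);

const SECRET = 'placeholder-replace-with-a-long-random-secret-from-config';

function buildDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE messages (
        id        INTEGER PRIMARY KEY AUTOINCREMENT,
        sender    TEXT NOT NULL,
        recipient TEXT NOT NULL,
        subject   TEXT NOT NULL,
        body      TEXT NOT NULL)');
    // Constructed sample rows.
    $ins = $pdo->prepare('INSERT INTO messages (sender, recipient, subject, body) VALUES (?, ?, ?, ?)');
    $ins->execute(['staff', 'alice', 'Invoice',  'Your invoice is attached.']);
    $ins->execute(['staff', 'bob',   'Welcome',  'Thanks for signing up.']);
    $ins->execute(['alice', 'staff', 'Question', 'When will it ship?']);
    return $pdo;
}

// Point 1 / josh's "if statement", done inside the query: the id is only
// looked up together with the user, so a foreign id yields no row at all.
// Sender and recipient may both read a message.
function fetchMessageForUser(PDO $pdo, int $messageId, string $username): ?array
{
    $stmt = $pdo->prepare('SELECT id, sender, recipient, subject, body FROM messages
                            WHERE id = ? AND (sender = ? OR recipient = ?)');
    $stmt->execute([$messageId, $username, $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Point 2: a keyed MAC instead of a short unkeyed hash. Without SECRET nobody
// can produce a valid token for a guessed id, so enumeration attempts are
// rejected before the database is touched. Including the username means a
// link issued to one user does not validate in another user's session.
function messageToken(int $messageId, string $username): string
{
    $mac = hash_hmac('sha256', $messageId . "\0" . $username, SECRET, true);
    // Base64url of the first 16 bytes (128 bits): no '+', '/' or padding in the URL.
    return rtrim(strtr(base64_encode(substr($mac, 0, 16)), '+/', '-_'), '=');
}

function messageUrl(int $messageId, string $username): string
{
    return '/message.php?' . http_build_query([
        'messageid' => $messageId,
        'token'     => messageToken($messageId, $username),
    ]);
}

// What message.php does with $_GET. Returns the message row or null (deny).
function handleRequest(PDO $pdo, array $get, string $sessionUser): ?array
{
    if (!isset($get['messageid'], $get['token']) || !ctype_digit((string) $get['messageid'])) {
        return null;
    }
    $id = (int) $get['messageid'];
    // hash_equals compares in constant time, so response timing does not leak the MAC.
    if (!hash_equals(messageToken($id, $sessionUser), (string) $get['token'])) {
        return null;
    }
    return fetchMessageForUser($pdo, $id, $sessionUser);
}

$pdo = buildDb();

// Alice follows her own link to message 1.
parse_str(substr(messageUrl(1, 'alice'), strlen('/message.php?')), $aliceQuery);
var_dump(handleRequest($pdo, $aliceQuery, 'alice'));

// Bob takes his own link to message 2 and changes messageid to 1: the token
// no longer matches, so the request is refused without a database lookup.
parse_str(substr(messageUrl(2, 'bob'), strlen('/message.php?')), $bobQuery);
$bobQuery['messageid'] = '1';
var_dump(handleRequest($pdo, $bobQuery, 'bob'));

// Even with the token check removed, the scoped query still denies Bob.
var_dump(fetchMessageForUser($pdo, 1, 'bob'));
```

The first call returns Alice's row; the other two return null. The two layers are deliberately independent: the scoped query is the actual authorization and must stay even if the token is dropped, while the keyed token only stops users from probing ids at all. Note that neither hides the id itself, so this does not address the message-count concern; it just makes the visible number useless to anyone but its owner.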
McGruff
DevNet Master
Posts: 2893
Joined: Thu Jan 30, 2003 8:26 pm
Location: Glasgow, Scotland

Post by McGruff »

Rather than putting ids in the filename, you could concatenate the message subject with time() or generate a random number.
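McGruff's suggestion of a subject plus a random number, extended so the same random value also replaces the autoincrement number in the URL, as an added PHP example that is not code from the thread. A fixed starting offset moves the visible numbers but leaves the difference between two ids seen a week apart, which is exactly the count the question wants to hide; a value from the CSPRNG reveals neither the count nor the time of sending. The example assumes the application adds a unique public_id column per message (the autoincrement id stays internal) and uses that value in both the URL and the saved filename; the message subjects are constructed.

```php
<?php
// Added example, not code from the thread. Assumes a unique public_id column
// per message (the autoincrement id stays internal) that is used in the URL
// and in the saved filename instead of the sequential number.

declare(strict_types=1);

// 128 bits from the CSPRNG. Unlike an offset autoincrement or time(), the value
// carries no information about how many messages exist or when one was sent.
function newPublicId(): string
{
    return bin2hex(random_bytes(16));
}

// Only accept well-formed public ids from the URL before querying with them.
function isPublicId(string $candidate): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/', $candidate) === 1;
}

// The subject is written by whoever sent the message, so it is untrusted input
// once it becomes part of a filename: reduce it to [a-z0-9-] and cap its length.
function subjectSlug(string $subject): string
{
    $slug = strtolower(preg_replace('/[^A-Za-z0-9]+/', '-', $subject));
    $slug = trim(substr($slug, 0, 40), '-');
    return $slug === '' ? 'message' : $slug;
}

// Filename for "save": subject slug plus a piece of the public id. No
// sequential number, no path separators, nothing from the subject verbatim.
function downloadFilename(string $subject, string $publicId): string
{
    return subjectSlug($subject) . '-' . substr($publicId, 0, 8) . '.txt';
}

// Constructed messages, created in this order; the public ids give no hint of it.
$messages = [];
foreach (['Invoice', 'Welcome', '../../etc/passwd', 'Re: delivery?'] as $subject) {
    $pid = newPublicId();
    $messages[$pid] = ['subject' => $subject, 'file' => downloadFilename($subject, $pid)];
}

foreach ($messages as $pid => $m) {
    printf("%s  %s\n", $pid, $m['file']);
}

// A guessed sequential value is rejected before it reaches the database;
// a genuine public id passes the format check.
var_dump(isPublicId('567'), isPublicId(array_key_first($messages)));
```

The lookup itself is unchanged from the sequential case: query by public_id and still constrain the row to the logged-in user, since a random identifier hides the count but is not a substitute for the ownership check. The UNIQUE constraint on the column turns the practically impossible collision into an insert error rather than a silent overwrite.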