Need a little thinking help
Posted: Sat Aug 20, 2005 2:46 am
I probably have thought a little bit too long about this issue and I might need a new idea here.
Here is what I got:
I programmed a website database-driven news system. All correspondence is done by the system and not by email. Outside emails are filtered and also written into the system. Outbound emails are only allowed by employees and not by users.
The messages are stored with an autoincrement message-id. If a user logs in, the mails belonging to his username are read and he can access, save, print them. The messages are displayed by GET as I don't like to place forms all over the place. As I am kind of security paranoid, I am kind of in a thinking loop now.
1. To prevent other users from accessing mail by simply changing the id in the URL, the username is always compared and the request is denied except for the legitimate user.
2. To simply discourage users from even trying other numbers, I added a short hash to the URL as well. (kind of useless I know)
So at this point the URL looks something like: messageid=567&hash=a3b7a780
Now I got 2 issues. If a user saves a message it will get a filename like message-567.txt, and in the URL a user could also see the message number.
The problem is that another competitive company could judge the amount of traffic and revenue by counting how many messages are written into the system in a day, week, month etc.
Now my thoughts to solve this aren't satisfying for me yet.
1. disguise the number in the URL by making it part of the hash. (obscurity is bad security)
2. encrypt the number (possible problems with spaces in a URL)
3. use a user_message_id to display the messages. (problem see below)
The problem with 3 is that I need to take care of 2 user_message_ids which cannot be autoincrement: 1 for the sender and another for the receiver, as they both would require that ID. This might lead to duplicate entries as 2 messages could interfere with each other.
I am not quite sure which way to go and maybe someone has another idea that would help me think this through.
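One way to get what option 3 is after without the two-counter problem, shown here as an added example (not code from the original post): keep the autoincrement id as the internal primary key, but give each message one random, URL-safe public token that is stored alongside it and used in every URL and saved filename. Because the token is per message rather than per user, sender and receiver share the same one and nothing needs to be counted, and because it is random, an outsider cannot infer how many messages were created between two of them. The ownership check from point 1 stays in place, since the token replaces the sequential number, not the authorization. The in-memory tables, the `/message.php` path and the user names are constructed for the example.

```python
import base64
import secrets
from typing import Dict, Optional

# Constructed in-memory stand-in for the database tables described in the post.
# MESSAGES is keyed by the autoincrement id (internal only);
# TOKEN_INDEX maps an opaque public token back to that id.
MESSAGES: Dict[int, dict] = {}
TOKEN_INDEX: Dict[str, int] = {}
_next_id = 0


def new_public_token() -> str:
    """Random, URL-safe identifier: 96 bits of randomness, base64url without padding,
    so it contains only [A-Za-z0-9_-] and needs no escaping in a query string or filename."""
    return base64.urlsafe_b64encode(secrets.token_bytes(12)).rstrip(b"=").decode("ascii")


def store_message(sender: str, recipient: str, body: str) -> str:
    """Insert a message and return the public token to use in URLs and filenames."""
    global _next_id
    _next_id += 1  # the autoincrement id never leaves the server
    token = new_public_token()
    MESSAGES[_next_id] = {"id": _next_id, "sender": sender, "recipient": recipient, "body": body}
    TOKEN_INDEX[token] = _next_id
    return token


def fetch_message(token: str, current_user: str) -> Optional[dict]:
    """Resolve a token and enforce ownership: only sender or recipient may read it.
    Returns the same None for 'no such token' and 'not yours', so a probe learns nothing."""
    mid = TOKEN_INDEX.get(token)
    if mid is None:
        return None
    row = MESSAGES[mid]
    if current_user not in (row["sender"], row["recipient"]):
        return None
    return row


def message_url(token: str) -> str:
    return f"/message.php?id={token}"  # hypothetical handler path


def download_filename(token: str) -> str:
    return f"message-{token}.txt"  # no sequential number in the saved file either


if __name__ == "__main__":
    t1 = store_message("alice", "bob", "first")
    t2 = store_message("carol", "bob", "second")
    print(message_url(t1), download_filename(t2))
    print(fetch_message(t1, "bob")["body"], fetch_message(t1, "mallory"))
```

The token is looked up, not decoded, so there is nothing for a reader of the URL to reverse; if the table grows large, index the token column the same way as the primary key. Twelve random bytes give 16 characters, which is short enough for a filename and far too sparse to guess, so the extra "hash" parameter from point 2 becomes unnecessary.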