Email submission.

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
rubberjohn
Forum Contributor
Posts: 193
Joined: Fri Feb 25, 2005 4:03 am

Email submission.

Post by rubberjohn »

I am at the early stages of a new project and have a few questions.

At this stage all I am doing is collecting user's email addresses that may be interested in using the system.

Firstly a page describes the system, the user is then given the opportunity to submit their email address with the intention of contacting them once enough users have submitted their email address.

Secondly the user is then given the opportunity to refer friends by entering their email addresses which are used to send an invitation email to them.

What I want to know is what security concerns would this system have that I should be aware of so I can make some attempt to avoid the system being misused?

The way I initially intended on implementing this is as I have described above. Once the required number of users have submitted their email address they will be sent a second mail linking them back to the site where they will be given more complete information about the system, if they still want to use the system they will then be required to complete a traditional registration.

Would it be more efficient to require the users to register in the beginning before any emails are sent to themselves or as referals?

Thanks

rj
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

This is more of a personal preference over professional guideline:

Tell them as much information up front as possible for them to make a judgment call for themselves. I really hate having to register on a site just to find out enough information to really know what I'm registering for. Also, make the ability to remove themselves from the site a simple painless process.
rubberjohn
Forum Contributor
Posts: 193
Joined: Fri Feb 25, 2005 4:03 am

Post by rubberjohn »

i dont think I explained myself well enough...

Basically the exact implementation is not yet decided so what we are going to do is tell people what we are trying to do and if they are interested sign up and then once we have decided on the exact implementation details send them an email that will then give them the option of fully registering with the system or indicationg that they are not interested which would result in their email address being deleted from the system.

As time is quite critical we have to start attracting potential users ASAP while we work out which particular implementation would be best.
Post Reply