Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
Hi all, I'm new to PHP and I have started a project for a doctor's office. They would like people to be able to send medical history through the site. I can see how this is extremely dangerous. At the moment they would like it to be sent to an email address. Is this a safe way to send this information? At the moment I'm looking at code like this:
Email is inherently unsafe unless it is encrypted. Even then, there is no guarantee of confidentiality. The web itself is unsafe unless it uses HTTPS secure protocol. In my opinion, medical histories are highly confidential information. There are several levels of vulnerability: first, unencrypted data sent over the Internet can be intercepted, whether it is email or web data or ftp or any other protocol; then, once data is received, there are local security issues such as who in the office has visibility of email or databases; any data sent back to a patient is also vulnerable to viewing by household members who are not the patient. To summarize, if I were a patient of a doctor who implemented such a system, I would quickly find a new care-giver.
However, this seems like a terrible project design. If I were creating such a system I would urge my client to store all data collected from the user in the database, and then display it on the site within a password protected section. Mailing it just seems lazy.
Last edited by Attilitus on Mon Jun 09, 2008 3:16 am, edited 1 time in total.
No, it's not. The function is dangerous and the way it's used is vulnerable to email header injection.
Please kindly refrain from saying something is "no cause for alarm" without offering some proof next time.
Ah, sorry, bad language. I've edited my post to prevent confusion. I meant it in response to the previous poster who was alarmed at the inherent insecurity of email. The OP's original function of course needs input sanitization, and data passed to the mail() function ought to be given the same due consideration as data passed through DB functions.
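The header injection the two replies above are talking about, as an added example that is not code from the original thread or from the OP's project. The function names (`build_headers_unsafe`, `build_headers_safe`, `is_safe_header_value`) and the addresses are hypothetical, and the attacker input is constructed; the script only builds the header block and never calls mail(), so it runs offline.

```php
<?php
// Added example, not part of the original thread. Shows how an email
// header injection works against a naive mail() wrapper, and one way to
// harden it. Function names and addresses are hypothetical.

declare(strict_types=1);

// VULNERABLE: the user-supplied address is concatenated straight into the
// additional_headers string passed to mail(). A value containing "\r\n"
// terminates the From: header and starts a new header line of the
// attacker's choosing (Bcc:, Cc:, extra recipients, and so on).
function build_headers_unsafe(string $from): string
{
    return "From: " . $from . "\r\n" .
           "Content-Type: text/plain; charset=UTF-8\r\n";
}

// Reject any header value containing CR, LF or NUL: those are the bytes
// that let an attacker begin a new header line.
function is_safe_header_value(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

// HARDENED: validate the address, refuse CR/LF explicitly, and keep the
// patient's address out of From: altogether (fixed sender, patient address
// goes in Reply-To). Returns null when the input fails validation.
function build_headers_safe(string $patient_email): ?array
{
    if (filter_var($patient_email, FILTER_VALIDATE_EMAIL) === false
        || !is_safe_header_value($patient_email)) {
        return null;
    }
    return [
        'From'         => 'forms@example.com',   // fixed, not attacker-controlled
        'Reply-To'     => $patient_email,
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
}

// Constructed attacker input: a normal-looking address followed by an
// injected Bcc: header.
$malicious = "patient@example.com\r\nBcc: spam-list@example.net";
$benign    = "patient@example.com";

echo "--- unsafe builder, malicious input ---\n";
echo build_headers_unsafe($malicious);      // the injected Bcc: line appears as a real header

echo "--- safe builder, malicious input ---\n";
var_dump(build_headers_safe($malicious));   // NULL: input rejected

echo "--- safe builder, benign input ---\n";
var_dump(build_headers_safe($benign));      // array of three headers

// With PHP >= 7.2, mail() accepts the additional_headers argument as an
// array, so the hardened headers can be passed directly:
//   $headers = build_headers_safe($_POST['email'] ?? '');
//   if ($headers !== null) {
//       mail('office@example.com', 'Medical history form', $body, $headers);
//   }
```

The point of the two checks is defence in depth: `FILTER_VALIDATE_EMAIL` already rejects an address containing CR or LF, but the explicit `is_safe_header_value` check documents the actual threat and also applies to any other value (subject, name) that ends up in a header. Using a fixed From: and putting the patient's address in Reply-To additionally keeps user input out of the one header that mail transfer agents and spam filters care about most.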
In some states, having a system that unsafe would be grounds for removing their professional license. Actually I just made that up; but I wouldn't be surprised if that were the case.