Email Security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

tex1820
Forum Newbie
Posts: 2
Joined: Sun May 18, 2008 9:22 am

Email Security

Post by tex1820 »

Hi all, I'm new to PHP and I have started a project for a doctor's office. They would like people to be able to send medical history through the site. I can see how this is extremely dangerous. At the moment they would like it to be sent to an email address. Is this a safe way to send this information? At the moment I'm looking at code like this:

<?php
  $names = $_REQUEST['names'] ;
  $email = $_REQUEST['email'] ;
  $message = $_REQUEST['message'] ;
 
  mail( "James@*************", "Message From SpadDesigns.info",
    $message, "From: $names @ $email" );
  header( "Location: thankyou.html" );
?>


Is this a safe way to send this information?

Thanks,
James :drunk:
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Email Security

Post by Mordred »

No, it's not safe. You may start by reading what the manual has to say on the functions you call.
califdon
Jack of Zircons
Posts: 4484
Joined: Thu Nov 09, 2006 8:30 pm
Location: California, USA

Re: Email Security

Post by califdon »

Email is inherently unsafe unless it is encrypted. Even then, there is no guarantee of confidentiality. The web itself is unsafe unless it uses HTTPS secure protocol. In my opinion, medical histories are highly confidential information. There are several levels of vulnerability: first, unencrypted data sent over the Internet can be intercepted, whether it is email or web data or ftp or any other protocol; then, once data is received, there are local security issues such as who in the office has visibility of email or databases; any data sent back to a patient is also vulnerable to viewing by household members who are not the patient. To summarize, if I were a patient of a doctor who implemented such a system, I would quickly find a new care-giver.
tex1820
Forum Newbie
Posts: 2
Joined: Sun May 18, 2008 9:22 am

Re: Email Security

Post by tex1820 »

Ok, thank you everyone. I will bring this info back to my client.
Attilitus
Forum Commoner
Posts: 27
Joined: Wed Aug 08, 2007 2:32 pm

Re: Email Security

Post by Attilitus »

[Removed]

However, this seems like a terrible project design. If I were creating such a system I would urge my client to store all data collected from the user in the database, and then display it on the site within a password-protected section. Mailing it just seems lazy.
Last edited by Attilitus on Mon Jun 09, 2008 3:16 am, edited 1 time in total.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: Email Security

Post by Mordred »

Attilitus wrote: That function is perfectly safe
No, it's not. The function is dangerous and the way it's used is vulnerable to email headers injection.
Please kindly refrain from saying something is "no cause for alarm" without offering some proof next time.
Attilitus
Forum Commoner
Posts: 27
Joined: Wed Aug 08, 2007 2:32 pm

Re: Email Security

Post by Attilitus »

Ah, sorry, bad language. I've edited my post to prevent confusion. I meant it in response to the previous poster who was alarmed at the inherent insecurity of email. The OP's original function of course needs input sanitization, and data passed to the mail() function ought to be given the same due consideration as data passed through DB functions.
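
The email header injection raised by Mordred and the input sanitization mentioned by Attilitus, worked through as an added example (not code from any poster in this thread): user input is kept out of the mail headers except for a validated Reply-To address. The addresses, `error.html`, and the function names `build_headers` and `handle_form` are assumptions made for illustration; this does nothing for the confidentiality of the email itself, which califdon's post covers.

```php
<?php
// Added example, not from the thread. Addresses are placeholders.
const RECIPIENT = 'office@example.test';   // placeholder for the real mailbox
const SENDER    = 'webform@example.test';  // fixed From: never user-supplied

// Build the extra headers for mail(), or return null to reject the input.
function build_headers(string $email): ?string
{
    // CR or LF inside a header value would let the submitter append headers
    // of their own (for example a Bcc: line), so reject rather than strip.
    if (preg_match('/[\r\n]/', $email)) {
        return null;
    }
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return 'From: ' . SENDER . "\r\n" . 'Reply-To: ' . $email;
}

// Validate one submission and send it; returns false if anything was rejected.
function handle_form(array $post): bool
{
    // Accept only string fields; arrays (names[]=x) become empty strings.
    $field = fn(string $k): string =>
        is_string($post[$k] ?? null) ? trim($post[$k]) : '';

    $names   = preg_replace('/[\r\n]+/', ' ', $field('names'));
    $message = $field('message');
    $headers = build_headers($field('email'));

    if ($headers === null || $names === '' || $message === '') {
        return false;
    }
    // The name goes in the body, where line breaks cannot create headers.
    $body = wordwrap("Name: $names\r\n\r\n$message", 70, "\r\n");
    return mail(RECIPIENT, 'Message from website form', $body, $headers);
}

// $_POST instead of $_REQUEST, so cookies and query strings are not mixed in.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = handle_form($_POST);
    // error.html is a hypothetical page for rejected submissions.
    header('Location: ' . ($ok ? 'thankyou.html' : 'error.html'));
    exit; // stop here so nothing else runs after the redirect
}
```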
LBmtb
Forum Newbie
Posts: 23
Joined: Wed May 14, 2008 11:14 am

Re: Email Security

Post by LBmtb »

In some states, having a system that unsafe would be grounds for removing their professional license. Actually I just made that up; but I wouldn't be surprised if that were the case.