Email Security

Posted: Sun May 18, 2008 9:27 am
by tex1820
Hi all, I'm new to PHP and I have started a project for a doctor's office. They would like people to be able to send medical history through the site. I can see how this is extremely dangerous. At the moment they would like it to be sent to an email address. Is this a safe way to send this information? At the moment I'm looking at code like this:

<?php
  $names = $_REQUEST['names'] ;
  $email = $_REQUEST['email'] ;
  $message = $_REQUEST['message'] ;
 
  mail( "James@*************", "Message From SpadDesigns.info",
    $message, "From: $names @ $email" );
  header( "Location: thankyou.html" );
?>


Is this a safe way to send this information?

Thanks,
James :drunk:

Re: Email Security

Posted: Sun May 18, 2008 1:33 pm
by Mordred
No, it's not safe. You may start by reading what the manual has to say on the functions you call.

Re: Email Security

Posted: Sun May 18, 2008 3:54 pm
by califdon
Email is inherently unsafe unless it is encrypted. Even then, there is no guarantee of confidentiality. The web itself is unsafe unless it uses HTTPS secure protocol. In my opinion, medical histories are highly confidential information. There are several levels of vulnerability: first, unencrypted data sent over the Internet can be intercepted, whether it is email or web data or ftp or any other protocol; then, once data is received, there are local security issues such as who in the office has visibility of email or databases; any data sent back to a patient is also vulnerable to viewing by household members who are not the patient. To summarize, if I were a patient of a doctor who implemented such a system, I would quickly find a new care-giver.

Re: Email Security

Posted: Mon May 19, 2008 5:15 am
by tex1820
Ok, thank you everyone. I will bring this info back to my client.

Re: Email Security

Posted: Sun Jun 08, 2008 10:22 pm
by Attilitus
[Removed]

However, this seems like a terrible project design. If I were creating such a system I would urge my client to store all data collected from the user in the database, and then display it on the site within a password protected section. Mailing it just seems lazy.

Re: Email Security

Posted: Mon Jun 09, 2008 3:01 am
by Mordred
Attilitus wrote: That function is perfectly safe
No, it's not. The function is dangerous and the way it's used is vulnerable to email headers injection.
Please kindly refrain from saying something is "no cause for alarm" without offering some proof next time.

Re: Email Security

Posted: Mon Jun 09, 2008 3:15 am
by Attilitus
Ah, sorry, bad language. I've edited my post to prevent confusion. I meant it in response to the previous poster who was alarmed at the inherent insecurity of email. The OP's original function of course needs input sanitization, and data passed to the mail() function ought to be given the same due consideration as data passed through DB functions.
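
The following is an added example, not code from any poster in this thread. It shows one way to validate the `names` and `email` fields before they are placed in the fourth argument of mail(), which is where the header injection mentioned above arises. The helper name build_from_header() and the sample inputs are hypothetical, and it addresses only header injection, not the confidentiality of email discussed earlier in the thread.

```php
<?php
// Added example: validate form fields before they reach mail() headers.
// build_from_header() is a hypothetical helper name, not from the thread.

function build_from_header(string $names, string $email): ?string
{
    // A CR or LF inside a header value ends that header line, so input
    // containing either is rejected outright instead of being "cleaned".
    if (preg_match('/[\r\n]/', $names . $email)) {
        return null;
    }

    // Accept only a syntactically valid address.
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }

    // Restrict the display name to letters, digits, space, dot,
    // apostrophe and hyphen, 1 to 64 characters. Quotes and backslashes
    // are excluded so the quoted display name below cannot be broken.
    $names = trim($names);
    if (!preg_match('/^[\p{L}\p{N} .\'-]{1,64}\z/u', $names)) {
        return null;
    }

    return sprintf('From: "%s" <%s>', $names, $email);
}

// Constructed sample inputs (assumptions for illustration only).
$samples = [
    ['Jane Doe', 'jane@example.com'],                   // well-formed
    ["Jane Doe\r\nX-Injected: 1", 'jane@example.com'],  // contains a line break
    ['Jane Doe', 'not-an-address'],                     // malformed address
];

foreach ($samples as [$n, $e]) {
    $header = build_from_header($n, $e);
    // The script would call mail($to, $subject, $message, $header)
    // only when $header is not null; otherwise it shows a form error.
    echo $header === null ? "rejected\n" : $header . "\n";
}
```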

Re: Email Security

Posted: Tue Jun 24, 2008 9:15 pm
by LBmtb
In some states, having a system that unsafe would be grounds for removing their professional license. Actually I just made that up; but I wouldn't be surprised if that were the case.