How to hide email addresses entered through a PHP form

ap24
Forum Newbie
Posts: 1
Joined: Mon Jun 16, 2008 7:26 am

Post by ap24 »

Hello,
I am developing a greeting card sending form which has "fromemail" and "toemail" fields for entering from and to emails. Now when a form is posted to another preview form, these email addresses can be intercepted and changed at the intercepting proxy such as BURP Proxy or Tamper IE. What should I do so that they cannot be changed in transit of the request?

Thank you
Greenconure
Forum Commoner
Posts: 30
Joined: Mon Jun 16, 2008 8:19 am

Re: How to hide email addresses entered through a PHP form

Post by Greenconure »

I would probably encrypt the email address.
You can find a list of PHP's cryptography extensions here:
PHP: Cryptography Extensions: Manual - http://us.php.net/manual/en/refs.crypto.php

I would also probably use something like "Mcrypt" (it's on the list), because it uses a key and can be decoded (it's not a hash).
Encryption:

<?php
$key = "UNIQUE-KEY-HERE"; // Don't tell people this :]
$input = "EMAIL-HERE-OR-VARIABLE.";
// Encrypt $input with Triple DES in ECB mode using $key
$encrypted_data = mcrypt_ecb(MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>

Decryption:

<?php
$data = $_POST["email"]; // encrypted value submitted by the form
$key = "UNIQUE-KEY-HERE"; // Don't tell people this :]
// Decrypt with the same key and cipher that were used for encryption
$decryptedData = mcrypt_ecb(MCRYPT_3DES, $key, $data, MCRYPT_DECRYPT);
?>

Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: How to hide email addresses entered through a PHP form

Post by Apollo »

Additionally, add some hash in the encrypted text, which you verify afterwards. This makes sure people can't submit bogus values (encrypted garbage).
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

Bah, nonconcern. What if they were fake the first time?
Greenconure
Forum Commoner
Posts: 30
Joined: Mon Jun 16, 2008 8:19 am

Re: How to hide email addresses entered through a PHP form

Post by Greenconure »

Mordred wrote:Bah, nonconcern. What if they were fake the first time?
Well..
- You could send a confirmation e-mail to the given e-mail address.
- You could obtain a list of "free & temporary" e-mail address websites and block e-mails from those sites.
- You could validate the e-mail and make sure that only alphanumeric (a-z & 0-9) characters, periods, dashes, and the "@" symbol are in the e-mail to prevent misuse.
- If you were requiring an e-mail for registration for a website, you could send a random password to the email in question which would then be required to log in.

You can't* stop someone from creating a "@gmail.com" or "@hotmail.com" account and then using the form to spam, but the above steps would help.

*You could require a paid e-mail address such as "@mac.com" - but consider the free trial. And think about what percentage of people would actually do this.
Greenconure
Forum Commoner
Posts: 30
Joined: Mon Jun 16, 2008 8:19 am

Re: How to hide email addresses entered through a PHP form

Post by Greenconure »

Apollo wrote:Additionally, add some hash in the encrypted text, which you verify afterwards. This makes sure people can't submit bogus values (encrypted garbage).
Good point!
For the topic poster:
MD5 Hash Creation

$hash = md5($string);

MD5 Hash Check

// $data is the raw data
// $hash is the hash from when you created it
if (md5($data) === $hash)
{
    // Correct Hash
}
else
{
    // Incorrect Hash
}

However, you may want to research different methods of hash generation.
I believe that I've heard that MD5 is being replaced by a better method, but I can't remember where I heard that.
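
Added example (not part of the original posts): an unkeyed md5() of a form value can be recomputed by whoever edits the value, so detecting a change between the preview and send steps needs a tag keyed with a server-side secret. The sketch below uses PHP's hash_hmac() and hash_equals(); SERVER_KEY, sign_fields() and verify_fields() are hypothetical names, and the addresses are constructed sample input.

```php
<?php
// Added example, not code from the thread. SERVER_KEY is a constructed
// placeholder; in practice load a random secret from server-side config.
const SERVER_KEY = 'constructed-demo-key-change-me';

/** Return a hex HMAC-SHA256 tag binding both addresses together. */
function sign_fields(string $from, string $to): string
{
    // Length-prefix each field so "a"+"bc" and "ab"+"c" sign differently.
    $message = strlen($from) . ':' . $from . '|' . strlen($to) . ':' . $to;
    return hash_hmac('sha256', $message, SERVER_KEY);
}

/** True only if the tag was produced by this server for exactly these values. */
function verify_fields(string $from, string $to, string $tag): bool
{
    // hash_equals() compares in constant time.
    return hash_equals(sign_fields($from, $to), $tag);
}

// Step 1 (preview page): emit the values plus the tag as hidden fields.
$from = 'alice@example.com';   // constructed sample input
$to   = 'bob@example.com';     // constructed sample input
$tag  = sign_fields($from, $to);

// Step 2 (send page): values and tag come back from the browser.
var_dump(verify_fields($from, $to, $tag));                // values unchanged
var_dump(verify_fields($from, 'eve@example.com', $tag));  // value altered in transit

// A recomputed unkeyed md5() would satisfy an md5()-only check,
// but it is not a valid tag here because the key is unknown to the client.
var_dump(verify_fields($from, 'eve@example.com', md5('eve@example.com')));
```

Keeping the addresses in the server-side session between steps avoids round-tripping them through the browser at all. Either way, the tag only shows that the values match what the server saw at preview, not that the addresses are genuine.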
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

*sigh*
You keep trying to solve a non-problem. Don't worry about the data being changed between requests. The data comes from the user anyway. Worry about its validity at the point when validity must be enforced (i.e. at the last step of the edit/preview cycle).

Email validation is another topic, it's been already widely discussed.
Greenconure
Forum Commoner
Posts: 30
Joined: Mon Jun 16, 2008 8:19 am

Re: How to hide email addresses entered through a PHP form

Post by Greenconure »

Mordred wrote:*sigh*
You keep trying to solve a non-problem. Don't worry about the data being changed between requests. The data comes from the user anyway. Worry about its validity at the point when validity must be enforced (i.e. at the last step of the edit/preview cycle).

Email validation is another topic, it's been already widely discussed.
I guess I didn't make myself clear enough about when to validate. But the point you made was good, you don't need to validate an e-mail being used for the preview - only for the final.. Or am I just solving a non-problem again? :]
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

Greenconure wrote:Or am I just solving a non-problem again? :]
Actually, yes, most of the solutions you enumerated are against non-problems as well. The only way to validate an email address is to send a random email confirmation token. Everything else is what I think of as "just tickling your security bone" (not 100% sure if this is the equivalent phrase in English though), i.e. not effective at all.
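
The confirmation-token approach mentioned above, as an added example that is not part of the original post: a random token is issued for the address, only its hash is stored, and the address counts as confirmed when the token from the e-mailed link comes back before it expires. The $store array stands in for a database table; issue_token() and confirm_email() are hypothetical names and the address is constructed.

```php
<?php
// Added example, not code from the thread. $store stands in for a database
// table keyed by e-mail address; all names here are hypothetical.

/** Create a token for $email; returns the raw token to place in the e-mailed link. */
function issue_token(array &$store, string $email, int $now, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[$email] = [
        'hash'    => hash('sha256', $token),   // store only a hash of the token
        'expires' => $now + $ttl,
    ];
    return $token;
}

/** Confirm $email if $token matches and has not expired; tokens are single-use. */
function confirm_email(array &$store, string $email, string $token, int $now): bool
{
    if (!isset($store[$email])) {
        return false;                          // nothing pending for this address
    }
    $row = $store[$email];
    $ok = $now <= $row['expires']
        && hash_equals($row['hash'], hash('sha256', $token));
    if ($ok) {
        unset($store[$email]);                 // prevent replay of the same link
    }
    return $ok;
}

$store = [];
$now   = time();
$token = issue_token($store, 'alice@example.com', $now);  // constructed address

var_dump(confirm_email($store, 'alice@example.com', 'guess', $now));      // wrong token
var_dump(confirm_email($store, 'alice@example.com', $token, $now + 10));  // correct token
var_dump(confirm_email($store, 'alice@example.com', $token, $now + 20));  // replayed token
```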
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: How to hide email addresses entered through a PHP form

Post by Eran »

That depends on what you consider validating an email address. Sometimes you just need to verify it is of the right format, not that it actually belongs to anybody. It certainly wasn't specified in the original post.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

pytrin wrote:It certainly wasn't specified in the original post.
Well, yes, so I said:
Mordred wrote:Email validation is another topic
I wrote a bit more on the subject here.
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: How to hide email addresses entered through a PHP form

Post by Eran »

nice article :)
Pass it through a really working really complex regexp checking for really full RFC 2822 correctness.
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

Well, it really ain't easy ...

Pop quiz: mark the (RFC) valid and non-valid addresses:
  1. your%mom@[IPv6: 2001:0db8::1428:57ab]
  2. holy!#$%^&*&()_chist@abcdefghijklmnopqrstuvwxyz.com
  3. "o@rly?"@abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.com
  4. john.smith@123456789012345678901234567890123456789012345678901234567890.co.uk
  5. john.@dot.com
  6. dot@com
  7. .com@.com
Greenconure
Forum Commoner
Posts: 30
Joined: Mon Jun 16, 2008 8:19 am

Re: How to hide email addresses entered through a PHP form

Post by Greenconure »

RFC 2822 - Internet Message Format - http://tools.ietf.org/html/rfc2822
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: How to hide email addresses entered through a PHP form

Post by Mordred »

Ha, no, I don't want the RFC, thankyouverymuch.
The "pop quiz" is for all the smartdonkeys that think doing the RFC checks is easy.

But anyway, the essence of my post is that you shouldn't care about the RFC.