How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 7:32 am
by ap24
Hello,
I am developing a greeting card sending form which has "fromemail" and "toemail" fields for entering from and to emails. Now when a form is posted to another preview form, these email addresses can be intercepted and changed at the intercepting proxy such as BURP Proxy or Tamper IE. What should I do so that they cannot be changed in transit of the request?
Thank you
Re: How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 9:17 am
by Greenconure
I would probably encrypt the email address.
You can find a list of PHP's cryptography extensions here:
PHP: Cryptography Extensions: Manual - http://us.php.net/manual/en/refs.crypto.php
I would also probably use something like "Mcrypt" (it's on the list), because it uses a key and can be decoded (it's not a hash).
Encryption:
<?php
$key = "UNIQUE-KEY-HERE"; //Don't tell people this :]
$input = "EMAIL-HERE-OR-VARIABLE.";
$encrypted_data = mcrypt_ecb (MCRYPT_3DES, $key, $input, MCRYPT_ENCRYPT);
?>
Decryption:
<?php
$data = $_POST["email"];
$key = "UNIQUE-KEY-HERE"; //Don't tell people this :]
$input = "EMAIL-HERE-OR-VARIABLE.";
$decryptedData = mcrypt_ecb (MCRYPT_3DES, $key, $data , MCRYPT_DECRYPT);
?>
Re: How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 10:14 am
by Apollo
Additionally, add some hash in the encrypted text, which you verify afterwards. This makes sure people can't submit bogus values (encrypted garbage).
Re: How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 10:30 am
by Mordred
Bah, nonconcern. What if they were fake the first time?
Re: How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 4:43 pm
by Greenconure
Mordred wrote: Bah, nonconcern. What if they were fake the first time?
Well..
- You could send a confirmation e-mail to the given e-mail address.
- You could obtain a list of "free & temporary" e-mail address websites and block e-mails from those sites
- You could validate the e-mail and make sure that only alphanumeric (a-z & 0-9) characters, periods, dashes, and the "@" symbol are in the e-mail to prevent misuse.
- If you were requiring an e-mail for registration for a website, you could send a random password to the email in question which would then be required to login.
You can't* stop someone from creating a "@gmail.com" or "@hotmail.com" account and then using the form to spam, but the above steps would help.
*You could require paid e-mail address such as "@mac.com" - but consider the free trial. And think about what percentage of people would actually do this.
Re: How to hide email addresses entered through a PHP form
Posted: Mon Jun 16, 2008 4:50 pm
by Greenconure
Apollo wrote: Additionally, add some hash in the encrypted text, which you verify afterwards. This makes sure people can't submit bogus values (encrypted garbage).
Good point!
For the topic poster:
MD5 Hash Creation
MD5 Hash Check
//$data is the raw data
//$hash is the hash from when you created it
if (md5($data) === $hash) // compare with ===; a single = is an assignment and does not parse here
{
//Correct Hash
}
else
{
//Incorrect Hash
}
However, you may want to research different methods of hash generation.
I believe that I've heard that MD5 is being replaced by a better method, but I can't remember where I heard that.
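A keyed alternative to the bare MD5 check discussed above, as an added example that is not part of the original posts: the preview step issues an HMAC-SHA256 tag over the two address fields and the final step verifies it with a constant-time comparison. `FORM_KEY`, `sign_fields()` and `verify_fields()` are hypothetical names, and the addresses are constructed sample values.

```php
<?php
// Added example. FORM_KEY and the helper names are assumptions, not from the thread.
const FORM_KEY = 'placeholder-load-a-random-secret-from-server-config';

// Tag issued when the preview page is rendered; it travels in a hidden field.
function sign_fields(array $fields, string $key): string
{
    ksort($fields);   // fixed field order, so the same values always give the same tag
    return hash_hmac('sha256', json_encode($fields), $key);
}

// Check run by the final step before the card is sent.
function verify_fields(array $fields, string $tag, string $key): bool
{
    return hash_equals(sign_fields($fields, $key), $tag);   // constant-time compare
}

// Constructed sample values.
$preview = ['fromemail' => 'alice@example.com', 'toemail' => 'bob@example.com'];
$tag     = sign_fields($preview, FORM_KEY);

// Same fields, but one value edited between the preview and the final request.
$edited = $preview;
$edited['toemail'] = 'carol@example.net';

// An unkeyed md5 sent next to the data can simply be recomputed by whoever
// edited the data, so a check like md5($data) === $hash still passes.
$recomputedMd5 = md5(json_encode($edited));

var_dump([
    'untouched fields, HMAC check' => verify_fields($preview, $tag, FORM_KEY),
    'edited fields, HMAC check'    => verify_fields($edited, $tag, FORM_KEY),
    'edited fields, md5 check'     => md5(json_encode($edited)) === $recomputedMd5,
]);
```

The tag only shows that the final step received what the preview step rendered; the values themselves still come from the user.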
Re: How to hide email addresses entered through a PHP form
Posted: Tue Jun 17, 2008 2:00 am
by Mordred
*sigh*
You keep trying to solve a non-problem. Don't worry about the data being changed between requests. The data comes from the user anyway. Worry about its validity at the point when validity must be enforced (i.e. at the last step of the edit/preview cycle).
Email validation is another topic, it's been already widely discussed.
Re: How to hide email addresses entered through a PHP form
Posted: Tue Jun 17, 2008 8:43 am
by Greenconure
Mordred wrote: *sigh*
You keep trying to solve a non-problem. Don't worry about the data being changed between requests. The data comes from the user anyway. Worry about its validity at the point when validity must be enforced (i.e. at the last step of the edit/preview cycle).
Email validation is another topic, it's been already widely discussed.
I guess I didn't make myself clear enough about when to validate. But the point you made was good, you don't need to validate an e-mail being used for the preview - only for the final.. Or am I just solving a non-problem again? :]
Re: How to hide email addresses entered through a PHP form
Posted: Tue Jun 17, 2008 9:00 am
by Mordred
Greenconure wrote: Or am I just solving a non-problem again? :]
Actually, yes, most of the solutions you enumerated are against non-problems as well. The only way to validate an email address is to send a random email confirmation token. Everything else is what I think of as "just tickling your security bone" (not 100% sure if this is the equivalent phrase in English though), i.e. not effective at all.
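A sketch of the confirmation-token check described in the post above, as an added example that is not part of the original thread: a random single-use token is mailed to the address, only its SHA-256 hash is stored, and the address counts as confirmed when the token comes back before it expires. `issue_token()`, `confirm_token()`, the in-memory `$store` array (standing in for a database table) and the sample values are assumptions.

```php
<?php
// Added example. $store stands in for a database table; all names are assumptions.

// Create a token for $email. The caller mails the returned value to that address.
function issue_token(array &$store, string $email, int $now, int $ttl = 3600): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the system CSPRNG
    $store[hash('sha256', $token)] = [       // keep only the hash server-side
        'email'   => $email,
        'expires' => $now + $ttl,
    ];
    return $token;
}

// Returns the confirmed address, or null for an unknown, reused or expired token.
function confirm_token(array &$store, string $token, int $now): ?string
{
    $id = hash('sha256', $token);
    if (!isset($store[$id])) {
        return null;
    }
    $row = $store[$id];
    unset($store[$id]);                      // single use, even when expired
    return $now <= $row['expires'] ? $row['email'] : null;
}

// Constructed sample run.
$store = [];
$now   = 1213600000;                         // constructed timestamp
$token = issue_token($store, 'bob@example.com', $now);

var_dump([
    'token that was never issued' => confirm_token($store, str_repeat('0', 64), $now + 60),
    'first use of the real token' => confirm_token($store, $token, $now + 60),
    'second use of the same one'  => confirm_token($store, $token, $now + 120),
]);
```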
Re: How to hide email addresses entered through a PHP form
Posted: Tue Jun 17, 2008 10:04 am
by Eran
That depends on what you consider validating an email address. Sometimes you just need to verify it is of the right format, not that it actually belongs to anybody. It certainly wasn't specified in the original post.
Re: How to hide email addresses entered through a PHP form
Posted: Wed Jun 18, 2008 5:06 am
by Mordred
pytrin wrote: It certainly wasn't specified in the original post.
Well, yes, so I said:
Mordred wrote: Email validation is another topic
I wrote a bit more on the subject here.
Re: How to hide email addresses entered through a PHP form
Posted: Wed Jun 18, 2008 5:20 am
by Eran
nice article
Pass it through a really working really complex regexp checking for really full RFC 2822 correctness.
Re: How to hide email addresses entered through a PHP form
Posted: Wed Jun 18, 2008 6:19 am
by Mordred
Well, it really ain't easy ...
Pop quiz: mark the (RFC) valid and non-valid addresses:
- your%mom@[IPv6: 2001

57ab]
- holy!#$%^&*&()_chist@abcdefghijklmnopqrstuvwxyz.com
- "o@rly?"@abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.com
- john.smith@123456789012345678901234567890123456789012345678901234567890.co.uk
- john.@dot.com
- dot@com
- .com@.com
Re: How to hide email addresses entered through a PHP form
Posted: Wed Jun 18, 2008 1:22 pm
by Greenconure
RFC 2822 - Internet Message Format - http://tools.ietf.org/html/rfc2822
Re: How to hide email addresses entered through a PHP form
Posted: Wed Jun 18, 2008 1:56 pm
by Mordred
Ha, no, I don't want the RFC, thankyouverymuch.
The "pop quiz" is for all the smartdonkeys that think doing the RFC checks is easy.
But anyway, the essence of my post is that you shouldn't care about the RFC.