[nycphp-talk] Security and POP/IMAP/HTTPS
Tim Sailer
sailer at bnl.gov
Tue Oct 10 08:46:13 EDT 2006
On Tue, Oct 10, 2006 at 08:26:45AM -0400, Aaron Fischer wrote:
> Greetings,
>
> Someone was proposing sending PDFs containing sensitive info over email.
> I was thinking of recommending against it, citing the lack of security
> in the POP/IMAP protocols. Is that a legitimate concern?
Oh, just a little concern! :)
> An alternative would be to email them with a link to the PDF which would
> be protected with a login system (That's where the PHP would come in).
A few years ago, I wrote an http file transfer system, where you would upload
a file via a ssl form, and the system would give you a url containing convoluted
dir names to grab the file. This way, a bot couldn't 'guess' the full path, and
we would remove the file after 24 hrs. All this in PHP, of course. If you are
interested, I think I still have the source kicking around somewhere. It wasn't
nice code, or a lot of it, but it worked for the client.
Tim
--
Tim Sailer <sailer at bnl.gov>
DoE Intelligence and Counterintelligence - Cyber Division
Northeast Regional Counterintelligence Office
Brookhaven National Laboratory (631) 344-3001
More information about the talk
mailing list