Greg,

I would be tempted to PGP encrypt the whole email using a password that the
user specified during some kind of secure registration process, but that
would require that your users be able to download/purchase, install and
operate some PGP software.

Otherwise, I suppose a vague way around this is to send a URL with some kind
of unique reference for this user's login.  No user name, password or
anything identifiable as log in details.  Make it so this link will only
work once, your application gives them a username and they have to specify a
new password as soon as they hit the site through this link.

Of course this doesn't stop the email being intercepted and used by the
interceptor first.  In this case you'd have to have some kind of error
message with immediate contact details if the user wasn't the one to access
the account.

Looking at your sig, if this is for financial information, I'd just refuse
to code this as a massive security risk and potential PR nightmare for the
company.

Just my 2p....

Regards

Stephen

----- Original Message -----
From: "Luce, Greg" <[EMAIL PROTECTED]>
To: "CF-Talk" <[EMAIL PROTECTED]>
Sent: Wednesday, February 12, 2003 2:05 PM
Subject: Encryption Key


> What's the best way to send an email to members of a site with a link that
> will log them right in if they click it? This is what I've been asked to
> provide, but isn't it insecure? What would you encrypt? Even if you encrypt
> a key, if the email is intercepted the interceptor will still be able to log
> right in correct? I don't see how any encryption will make it any more
> secure. Any ideas?
>
> Greg
> ***Sterling Financial Investment Group, Inc. (SFIG) is a member of
> NASD/MSRB/NFA/SIPC.  Email transmissions may be monitored.  SFIG cannot
> accept orders to buy or sell via email.  Please visit www.mysterling.com for
> more information.***
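
Added example, not part of Stephen's message or Greg's question: a Python sketch of the one-time link described above, where the URL carries only an opaque reference, works once, forces a new password, and reports a second use so the site can show the "was this you?" contact message. The class and method names, the in-memory store, the 24-hour expiry and the example.invalid URL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumption: links expire after a day (not stated in the thread)

class LoginLinkStore:
    """In-memory stand-in for a database table of one-time login references."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> {"user_id", "expires", "used_at"}

    @staticmethod
    def _digest(token):
        # Store only a hash so a leaked table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id, now=None):
        """Return an opaque reference to embed in the e-mailed URL."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 random bits, carries no user details
        self._rows[self._digest(token)] = {
            "user_id": user_id, "expires": now + TOKEN_TTL, "used_at": None}
        return token

    def redeem(self, token, now=None):
        """Return (status, user_id). Status is one of:
        'set_password' - first use; caller must force a new password now
        'already_used' - show the 'was this you?' message with contact details
        'expired' / 'invalid' - reject the request
        """
        now = time.time() if now is None else now
        row = self._rows.get(self._digest(token))
        if row is None:
            return "invalid", None
        if row["used_at"] is not None:
            return "already_used", row["user_id"]
        if now > row["expires"]:
            return "expired", None
        row["used_at"] = now  # burn the link before doing anything else
        return "set_password", row["user_id"]


if __name__ == "__main__":
    store = LoginLinkStore()
    t = store.issue("member-1001")  # constructed sample user id
    print("https://example.invalid/welcome?ref=" + t)
    print(store.redeem(t))  # first click: set_password
    print(store.redeem(t))  # second click: already_used
```

As the reply notes, this does not stop an interceptor who clicks first; the `already_used` result only gives the legitimate member a prompt to report it.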

