My 2c

You could send the link with hash etc. and just request them enter their email address (that they received the email at) as the temp password at server.

OR alternatively - the first link when clicked just sends out a temp activation URL in a new email to the user that is time sensitive - they wait for that and click on that for full access - similar to the way some banks token systems and password reminders work.

So your security is that only they have access to their own email account (if not shared with all the hotmail/gmail account hackers!)

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Brendan Brink
Sent: Wednesday, 29 September 2010 11:43
To: [email protected]
Subject: [phpug] securing pages

hi there all,

Have developed a system for a client where various online forms are passed between staff internally in the company as well as suppliers and external people. Each form has 2 different views, one to view a form submission, and another to view and edit a form submission (manager normally does this).

All links to the forms include a MD5 hash which presently offers some security to the page that displays the form.

Problem is that these links are sent out via email to people that staff want to view the forms, and the pages are 'public' if you have the link to view them (with the hash).

The client wants to know is there a way to make it more secure without forcing a username / password security feature on the system ... as the ability to click on a link in an email to go through to the form works efficiently ... basically wanting to increase the security ... would placing these forms on a secure server provide this?

ie instead of

http://www.client.co.nz/form.php?hash=hgs8ohsduogh8s37h

have:

https://www.client.co.nz/form.php?hash=hdjgklsheugehsukl

I am thinking all this does, is encrypt the contents of the page ... but the links are still public domain ... and accessible by anyone with the link ....

any other advice / suggestions?
-- 
NZ PHP Users Group: http://groups.google.com/group/nzphpug
To post, send email to [email protected]
To unsubscribe, send email to [email protected]
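The two suggestions in the reply above (a time-sensitive activation link, and asking the recipient to type the address the mail was sent to) can be combined in one signed token. The following is an added example, not code from the thread or from the client's system: the function names, the secret, the 15-minute lifetime and the token layout are all assumptions, and it uses HMAC-SHA256 with a server-side secret in place of the bare MD5 hash the original links carry.

```php
<?php
// Added example: signed, expiring form links bound to one recipient and one view.
// LINK_SECRET, LINK_TTL and every function name here are illustrative assumptions.
const LINK_SECRET = 'replace-with-a-long-random-value-from-config'; // placeholder
const LINK_TTL = 900; // seconds an activation link stays valid (assumed)

function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build the token for the second, time-sensitive email.
function makeToken(int $formId, string $email, string $view, int $now): string
{
    $payload = implode('|', [$formId, strtolower(trim($email)), $view, $now + LINK_TTL]);
    return b64url($payload) . '.' . hash_hmac('sha256', $payload, LINK_SECRET);
}

// Returns the verified claims, or null if the link is forged, altered or expired.
function checkToken(string $token, string $typedEmail, int $now): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode(strtr($parts[0], '-_', '+/'), true);
    // Constant-time comparison of the MAC before trusting any field.
    if ($payload === false || !hash_equals(hash_hmac('sha256', $payload, LINK_SECRET), $parts[1])) {
        return null;
    }
    $fields = explode('|', $payload);
    if (count($fields) !== 4) {
        return null; // fails closed, e.g. for an address containing '|'
    }
    [$formId, $email, $view, $expires] = $fields;
    // Reject expired links and a typed address that differs from the recipient.
    if ($now > (int) $expires || !hash_equals($email, strtolower(trim($typedEmail)))) {
        return null;
    }
    return ['form' => (int) $formId, 'view' => $view, 'email' => $email];
}

// Constructed demo values: a valid check, an expired one, and a wrong address.
$token = makeToken(42, 'Manager@example.co.nz', 'edit', 1285717380);
var_dump(checkToken($token, 'manager@example.co.nz', 1285717400));
var_dump(checkToken($token, 'manager@example.co.nz', 1285717380 + LINK_TTL + 1));
var_dump(checkToken($token, 'someone.else@example.co.nz', 1285717400));
```

Because the view name is inside the signed payload, a "view" link cannot be edited into a "view and edit" link without invalidating the MAC.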
