I'm asking here, because I don't know where to start ....

A client has a subscription newsletter, presently circulated as a PDF 
mailed to subscribers. It's being circulated widely, but not paid for.

Approach (a) for securing this is to email a link to subscribers. Each 
subscriber will have logged on once, at which time a PHP script will create 
a hashed value of ID and time, store it in the subscriber database, setting 
"logged_in" to true and setting a cookie in the subscriber's browser.

 From then on logins will be automatic as the contents of the cookie will 
be checked against the database and the subscriber automatically 
authenticated. If a login is attempted from another browser, 
username/password will be prompted for, and the data fetched by login 
script will indicated that a key has been generated and the "logged_in" 
flag set. So no access and phone the office if you want this reset.

The PDF will be downloaded from the site, and we'll turn off cutting & 
pasting; it will always have the same name on the browser. So we're OK.

Approach (b) is a little different. The client issues digital certificates 
to each subscriber & stores them on the server. I understand each 
certificate can be used to encrypt (as well as sign) mail to each 
individual subscriber, using the subscriber's public key.

The mail script then creates an email to each subscriber, incorporating the 
subscriber's & sender's name, with the PDF as  an attachment. The 
subscriber's public key (from the certificate?) is used to encrypt the 
message and attachment.

Can this be done with PHP's mail() function? I assume so and I just haven't 
read the correct RFc yet. A pointer in the correct direction will be 

The other question I have is does the subscriber's email client 
automatically decrypt the PDF? If so, if the subscriber forwards the 
message (and attachment) to his own personal list I would assume a 
decrypted PDF goes, rather than an encrypted one.

Some feedback would be appreciated. I'd prefer approach (b), but am 
currently working on (a).

Miles Thompson

PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to