Hi You could get all your users to add an encrypted signature to their emails and check that on recieipt. Tom
At 11:35 AM 9/01/02, Bogdan Stancescu wrote: >Hi all! > >I'm working on a free software package due to be launched on freshmeat >some time soon (next month most probably). The program is a project >development environment, somewhat similar to phpGroupWare but, I like to >think, better and with less bugs. > >Due to the nature of the project I need to be able to give registered >users the ability to upload data in the system via e-mail. This >obviously means checking who the originator of the e-mail is, apart from >actually processing the e-mail (which works fine). > >My problem is, how do I check that securely? I'm currently using the >headers of the e-mail for the "from:" field and check it against the >registered users' e-mail addresses. Works fine. But I guess that's >pretty easy to trick. > >I basically have two concerns: one is that a person may send an e-mail >with fake headers. The other is that a user (or non-user) on the same >domain with another user would be able to send messages using the second >guy's e-mail account (that's because SMTP doesn't have any security >mechanism and one can easily impersonate somebody else once they're >logged on a computer with SMTP permissions on the mail server). > >Did anybody run into this kind of problem? Any suggestions? > >Thanks in advance - I'll let you know when we release this thing if >you're interested. > >Bogdan > > > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
