|
Posted by Claire Tucker on July 29, 2004, 10:38 pm
If you were Registered and logged in, you could reply and use other advanced thread options
Doctor) wrote:
>I have the following scenario:
>
>On a Secure Web Site, we have an e-mail sign up form.
>
>The person wanting to develop this is concerned about spammer intercepting
>the e-mail address of signee.
>
>We are using Apache and SSL.
>
>What issues should myself, the system admin, and the developer be looking
>out for and how far can we secure this site.
You've cross-posted this to several groups which have very different
focuses, and so I can't tell what point of view you're thinking of
here.
You say you are using SSL, so presumably you aren't concerned about
the address being submitted from the browser to the web server. I
guess, then, that you must be thinking of the outgoing mail.
You aren't exactly clear about what your site is doing. I *think* what
you're saying is that you're asking for an email address and then
presumably sending mail to the new user, perhaps to "validate" the
given email address.
In this case, there's not really much you can do about the mail
transfer; SMTP in general operates over unencrypted links, and the
mail you're sending could pass through several mail servers before it
reaches its ultimate destination. If this concerns you, then I have to
say that perhaps your only option is to not send the mail at all.
Assuming I've got your focus and situation right here, I'm going to
trim the followups to comp.security.misc which seems to be the only
applicable newsgroup you crossposted to.
All the best,
-Claire
| 
XML site map