Jump to content

A simple question about e-mail confirmation and how to secure it

bugzy

By bugzy
in PHP Coding Help

 Share

Recommended Posts

bugzy Regular Member

bugzy

Posted
  • Author
Posted

What are you trying to secure it against?

 

Pikachu2000 I just though hacker might do something really bad if the confirmation code was blatantly there? like force an account's e-mail to get unconfirmed again and stuffs like that..

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

The only way something like that could happen is if your code specifically allows it to happen. Typically, once an email address has been confirmed, either the code is deleted from the record in the database, or a flag field is set to indicate that the address has already been confirmed. Your code should be written to check for that condition before allowing login, account information edits, etc.

bugzy Regular Member

bugzy

Posted
  • Author
Posted

The only way something like that could happen is if your code specifically allows it to happen. Typically, once an email address has been confirmed, either the code is deleted from the record in the database, or a flag field is set to indicate that the address has already been confirmed. Your code should be written to check for that condition before allowing login, account information edits, etc.

 

So putting sha1 there is already an overkill? the code is just updating the user's column "verified" to true/false.

peipst9lker Newbie

peipst9lker

Posted
Posted

Just use a random token which is saved in a database and only valid for like 24hours or something.

Why would you use an encryption (sha1) ? There are no sensitive data inside which need to be encrypted.

This confirmation code is only to proof that the email recievant is valid.

Christian F. Member

Christian F.

Posted
Posted

sha1() is not encryption, it's hashing. Encryption is two-way, meaning you can decrypt to get the original content. Hashing is one-way, meaning there is no way to get the original content from a hash.

That said, there is no need to hash the unique code, since the value of the code is having the code itself. Since it does not have a content beyond itself. Even if you hash it, you have to store it in the database hashed, meaning it would be exactly the same as what the user needs to send to validate his/her email address.

 

Quite similar to putting a second lock on your door, in case someone was able to copy your key, but then linking it to the first lock. So that when anyone unlocked the first lock, the second lock would automatically unlock itself. In which case, there is no point to the second lock in this scenario.

 

Don't know if I've explained it so that its understandable, but if not please let me know.

xyph Advanced Member

xyph

Posted
Posted

You should use a cryptographically-secure random source.

 

rand() is based on time, and has very limited entropy. This means it's actually quite predictable.

 

If you're running this on a *nix server, you should use /dev/urandom

 

$handle = fopen('/dev/urandom','rb');
$raw = fread($handle, 16);
$token = bin2hex($raw);

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.