Jump to content

Recommended Posts

Hi, so I'm creating a site for a client right now. It's mostly just front-end design but there are little bits of PHP. I'm good with most things on PHP and know how I would do this simply in PHP but I'm just not sure if it's secure. Like, could I just use the mail(); function? Is that secure enough or do I need more? Thanks!

Link to comment
https://forums.phpfreaks.com/topic/282206-secure-php-emailing/
Share on other sites

Well, what do you mean by "secure" Emailing? I would think you would start with using https to make sure communications between the client and server are secure. But, as far as sending a secure email - I don't know what your expectations are. The only way to send an email securely (prevent others from being able to obtain the content of the message) is to encrypt it. Which means the recipient will need some way to decrypt it. For many businesses that require very tight control of such messages I see them using portals. The recipient is sent an email with a link to the portal. From there the user must log in to see the message. So, basically the message is never truly sent via email - only a notification that there is a message.

Link to comment
https://forums.phpfreaks.com/topic/282206-secure-php-emailing/#findComment-1449779
Share on other sites

The client I'm working with knows close to nothing about computers. I want to make a form on the web page that a client of MY clients can fill out then submit and it will send it to my client via email. But it all has to be very secure due to the nature of the information. Can I just take the information from the form and use the mail(); function? I don't want to have my client have to log into the site to be able to see the form submision. It should just be able to send to her email.

Link to comment
https://forums.phpfreaks.com/topic/282206-secure-php-emailing/#findComment-1449780
Share on other sites

If the info submitted is truly personal sensitive data like SSN or credit cards and such, then it would be best to keep it on the server and make them log in to view it.  Otherwise the client will just have to deal with the possibility of someone sniffing out the emails.

Link to comment
https://forums.phpfreaks.com/topic/282206-secure-php-emailing/#findComment-1449781
Share on other sites

Can I just take the information from the form and use the mail(); function?

 

Yes, but it won't be secure. Emails are not encrypted. So someone could potentially grab that data as it travels through the servers on it's way from server sending the mail to the receiving mail server. So, your options, as I see it, are to:

 

1) Use a third party email encryption function or build your own. But, that means your client will need to have something to decrypt the emails when they are received.

2) Keep the messages on the server and only send a notification email. Then provide a way for the user to retrieve the messages off the server. The notification email can have a link directly to the message and provide a login screen (if the user isn't already logged in). I think this would be the least intrusive process. But, you will need to ensure the site is being run through HTTPS, otherwise the data being viewed is being sent over the internet unsecured when the user views the messages.

Link to comment
https://forums.phpfreaks.com/topic/282206-secure-php-emailing/#findComment-1450139
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.