0

I have a contact mail form on my website and I want to make this form secure enough. Which is the best way to do this job? Is there any way to hide the PHP variables that I send with POST to another page?

Any sample, link or idea?

Secure - I mean I want my data to be safe, since users will be inserting their personal data, like passport number, SSN etc., and I want that data to be safe in some way. I have read somewhere that with some injections there are people who can take the data sent by the form. I think I am clear now?

AXheladini
  • What is "secure"? It could mean many things. – Yann Ramin Jul 13 '10 at 18:12
  • @theatrus: no, the question is: what is "enough"? – Borealid Jul 13 '10 at 18:15
  • Secure in what aspect? And what “PHP variables” do you want to send? – Gumbo Jul 13 '10 at 18:16
  • Secure - I mean I want my data to be safe, since users will be inserting their personal data, like passport number, SSN etc., and I want that data to be safe in some way. I have read somewhere that with some injections there are people who can take the data sent by the form. I think I am clear now? – AXheladini Jul 13 '10 at 18:20
  • @AXheladini: Please add this information to your question. – Gumbo Jul 13 '10 at 18:22
  • Security of that kind can really only be achieved by using an SSL certificate to encrypt the exchange of posted data and protect it from any eavesdropping. Though you said this was a mail form - I definitely would not plan on transmitting anyone's SSN in email if that's the intention, since email itself is an unsecured medium. – DeaconDesperado Jul 13 '10 at 18:23
  • Well, as soon as you email them there is always a chance someone could get aware of your mail. If you want to make sure no one but the receiver of the mail is going to read it, you will need to encrypt it. – JochenJung Jul 13 '10 at 18:24
  • @DeaconDesperado unless something like this could be implemented: http://stackoverflow.com/questions/3146847/design-problem-secure-self-destructing-email – quantumSoup Jul 13 '10 at 18:56
  • If you're dealing with sensitive user data, like passport or credit card numbers, hire a competent developer who knows some basic security. I'd be very worried if I thought a system which handled this data was written by someone who doesn't know what HTTPS is. – TRiG Jul 13 '10 at 19:09
  • @Aircule - Agreed, but still, who's to say the information, even when arriving at the final destination mailbox, will be maintained on a secure machine? I think the data he's talking about is the issue here. SSNs are highly sensitive pieces of personal information - I don't think I'd do it in any case via email. I'm inclined to agree with TRiG. – DeaconDesperado Jul 13 '10 at 19:35
  • Put the form offline, on Fort Knox. – Alix Axel Jul 13 '10 at 23:39

5 Answers

7

Why hasn't anyone mentioned HTTPS?

Just make sure your form gets submitted using the HTTPS protocol, and all of the data is transparently encrypted (this means you don't need to do anything to decrypt it in PHP, it just works).

Jani Hartikainen
  • How to make my form be submitted using the HTTPS protocol? And how will that data be decrypted for the email you want to send it to? – AXheladini Jul 13 '10 at 18:41
  • You need to have an SSL certificate installed on your server and activated with your registrar. You can then make all elements within the form page (including the form's own action attribute) use https:// to open an HTTPS connection. This will encrypt the communication between the client and the server. Emailing SSNs or very sensitive personal information from PHP is still a bad idea however. – DeaconDesperado Jul 13 '10 at 18:50
  • It's not possible to send encrypted emails without requiring the recipient to decrypt them (by themselves or using a special client). Actually here's a related question: http://stackoverflow.com/questions/3146847/design-problem-secure-self-destructing-email . Regardless, you definitely **should not** email SSN or other sensitive information in plaintext. – quantumSoup Jul 13 '10 at 18:54
3

Use HTML Purifier or OWASP.

HTML Purifier

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist

OWASP

The Open Web Application Security Project (OWASP) is the name for all the activities of the OWASP Foundation.

Sarfraz
  • You should elaborate on that. – Gumbo Jul 13 '10 at 18:17
  • @Gumbo: I thought links were sufficient. Added anyways :) – Sarfraz Jul 13 '10 at 18:21
  • @Gumbo The problem is the question is vague. HTML Purifier may not be appropriate, OWASP's recommendations may also have nothing to do with the question. And yet may. This answer is of course a shot in the dark. – Artefacto Jul 13 '10 at 18:21
  • @Artefacto: Agreed the question isn't that clear, but it speaks about **security** so I posted some possible solutions about the **security**. I would have been more specific if the question was a bit clearer. – Sarfraz Jul 13 '10 at 18:23
  • @sAc: No, just posting links is absolutely not sufficient. You should add some information on what can be found when following these links. Something like: “If you want to allow (some) HTML, use HTML Purifier. And for general recommendations on security in web applications, see OWASP.” – Gumbo Jul 13 '10 at 18:28
  • @Gumbo: Hmm that's better I think, thanks for your suggestion, I was a bit too lazy now actually:( – Sarfraz Jul 13 '10 at 18:36
0

If by secure, you mean relatively protected from spammers, one good thing to do among many others is to have an email input field for the end user to put their reply-to address that actually enforces valid MX entries.

    function isValidEmail($email) {
        // Syntactic check: local part, '@', then one or more dot-separated labels
        $pattern = '/^([a-z0-9])(([-a-z0-9._])*([a-z0-9]))*\@([a-z0-9])*(\.([a-z0-9])([-a-z0-9_-])([a-z0-9])+)*$/i';
        if (!preg_match($pattern, $email)) {
            return false;
        }

        // Split email address into username and domain name
        list($user_name, $mail_domain) = explode("@", $email);

        // Accept the address only if its domain publishes an MX record
        if (checkdnsrr($mail_domain, "MX")) {
            return true;
        }

        return false; // Invalid email address
    }

Certainly not a comprehensive solution, but it does help a great deal to cut out automated submissions.

DeaconDesperado
  • Because that's not a very good way of checking for valid email addresses. A regex would be a better solution. PS: I am not the one who downvoted it, but I believe that would be the reason why they did it. – quantumSoup Jul 13 '10 at 18:51
  • I could agree there - didn't actually catch that when I copied my older file - the one I use now has filter_var($email, FILTER_VALIDATE_EMAIL) followed by the domain check. The MX part was what I was trying to emphasize and I forgot to even check the first half in the older code. – DeaconDesperado Jul 13 '10 at 18:59
0

You should:

  • Require your users to solve a captcha (or sign in), to make it harder for bots to use your mail form.
  • Send mail to predefined addresses only (if possible).
  • Accept POST only (no GET), to prevent CSRF.
  • Disallow HTML in your mails.
JochenJung
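Pulling the thread's recommendations into one handler (HTTPS only, POST only, an allowlist of recipient addresses, the filter_var plus MX check DeaconDesperado describes in his comment, plain-text mail only), an added PHP example that is not from any answer on this page; the department-to-address map and the form field names (dept, email, subject, message) are assumptions:

```php
<?php
// Added example, not from any answer on this page. The recipient map and the
// form field names (dept, email, subject, message) are assumptions.
declare(strict_types=1);

// Form submissions may only ever be delivered to these mailboxes (placeholders).
const ALLOWED_RECIPIENTS = [
    'support' => 'support@example.com',
    'sales'   => 'sales@example.com',
];

// True when PHP itself saw the request over TLS (no TLS-terminating proxy assumed).
function isHttps(array $server): bool
{
    return !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
}

// Syntactic check with filter_var, then require an MX record for the domain.
function isValidEmail(string $email): bool
{
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $domain = substr($email, strrpos($email, '@') + 1);
    return checkdnsrr($domain, 'MX');
}

// Returns the sanitized fields, or null when the submission must be rejected.
function validateSubmission(array $server, array $post): ?array
{
    if (!isHttps($server) || ($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return null;                                   // HTTPS and POST only
    }
    $to      = ALLOWED_RECIPIENTS[$post['dept'] ?? ''] ?? null; // never a user-supplied address
    $replyTo = trim($post['email'] ?? '');
    $message = trim($post['message'] ?? '');
    if ($to === null || !isValidEmail($replyTo) || $message === '' || strlen($message) > 4000) {
        return null;
    }
    // Plain text only: drop tags, and keep CR/LF out of the subject so it stays one header line.
    $subject = str_replace(["\r", "\n"], ' ', strip_tags($post['subject'] ?? 'Contact form'));
    return ['to' => $to, 'reply_to' => $replyTo, 'subject' => $subject, 'body' => strip_tags($message)];
}

$fields = validateSubmission($_SERVER, $_POST);
if ($fields === null) {
    http_response_code(400);
    exit('Submission rejected.');
}
$headers = "Reply-To: {$fields['reply_to']}\r\nContent-Type: text/plain; charset=UTF-8";
mail($fields['to'], $fields['subject'], $fields['body'], $headers);
```

The recipient is chosen from the allowlist by key, so the form never carries a destination address the sender can control, and FILTER_VALIDATE_EMAIL rejects any reply-to value containing line breaks before it reaches the headers.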
0

The HTTPS protocol is the best solution. For spammer protection you can use a captcha. If you are passing variables from one server to another you can make them more protected using encryption.

Developer