Security Basics mailing list archives
Re: Funny design method to hide mail addresses ?
From: s1nghul <s1nghulx () googlemail com>
Date: Wed, 23 Feb 2011 14:07:54 +0000
The only way I can think of would be to host this as a service, where the webmaster can change the configuration etc. but does not have direct access to the webserver / database. In this case the only one who has to be trusted is you - the service host. You cannot stop someone with access to the files of you project from reading information which other users supply. Regards s1n 2011/2/22 <webmaster () bodegon-colonial com>
Hi there, In my web project, I am storing mail addresses. These addresses may be used by the system to throw mails to the recipients. It is also important to say that these mail addresses have expiration time. But the critical point is trustness: for this very service, people must be sure that the mail addresses wil not be given to somebody else (especially to authorities, for example). To resume: * the system has to "know" the mail address. * the webmaster (or somebody else) has to be unable to find the true mail addresses. By doing this, the webmaster will not be able to give information (even by force :)). This is a fun problem. Intermediate solution: I already know how to do this as soon as the information has expired. E.g. The mail address is encrypted with gnupg (GPG / PGP algorithms). The system (or anybody) can decrypt if he/it has the password. But as soon as the mail address has expired, let's revoke the secret key :arrow: one cannot decrypt the mail address anymore. But this raises a performance problem (to create the private key)... Any help would be most appreciated :) ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Funny design method to hide mail addresses ? webmaster (Feb 22)
- Message not available
- Re: Funny design method to hide mail addresses ? s1nghul (Feb 23)
- Message not available
- <Possible follow-ups>
- Re: Funny design method to hide mail addresses ? krymson (Feb 23)
- Re: Funny design method to hide mail addresses ? Joris De Donder (Feb 28)