I'm asking here, because I don't know where to start .... A client has a subscription newsletter, presently circulated as a PDF mailed to subscribers. It's being circulated widely, but not paid for.
Approach (a) for securing this is to email a link to subscribers. Each subscriber will have logged on once, at which time a PHP script will create a hashed value of ID and time, store it in the subscriber database, setting "logged_in" to true and setting a cookie in the subscriber's browser. From then on logins will be automatic as the contents of the cookie will be checked against the database and the subscriber automatically authenticated. If a login is attempted from another browser, username/password will be prompted for, and the data fetched by login script will indicated that a key has been generated and the "logged_in" flag set. So no access and phone the office if you want this reset. The PDF will be downloaded from the site, and we'll turn off cutting & pasting; it will always have the same name on the browser. So we're OK. Approach (b) is a little different. The client issues digital certificates to each subscriber & stores them on the server. I understand each certificate can be used to encrypt (as well as sign) mail to each individual subscriber, using the subscriber's public key. The mail script then creates an email to each subscriber, incorporating the subscriber's & sender's name, with the PDF as an attachment. The subscriber's public key (from the certificate?) is used to encrypt the message and attachment. Can this be done with PHP's mail() function? I assume so and I just haven't read the correct RFc yet. A pointer in the correct direction will be appreciated. The other question I have is does the subscriber's email client automatically decrypt the PDF? If so, if the subscriber forwards the message (and attachment) to his own personal list I would assume a decrypted PDF goes, rather than an encrypted one. Some feedback would be appreciated. I'd prefer approach (b), but am currently working on (a). Miles Thompson -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
