Bogdan, Penny just dropped with what Tom suggested. REad up on how Debian does it, use the web of trust approach.
Miles At 12:52 PM 1/9/2002 +1000, Tom Rogers wrote: >Hi >You could get all your users to add an encrypted signature to their emails >and check that on recieipt. >Tom > >At 11:35 AM 9/01/02, Bogdan Stancescu wrote: >>Hi all! >> >>I'm working on a free software package due to be launched on freshmeat >>some time soon (next month most probably). The program is a project >>development environment, somewhat similar to phpGroupWare but, I like to >>think, better and with less bugs. >> >>Due to the nature of the project I need to be able to give registered >>users the ability to upload data in the system via e-mail. This >>obviously means checking who the originator of the e-mail is, apart from >>actually processing the e-mail (which works fine). >> >>My problem is, how do I check that securely? I'm currently using the >>headers of the e-mail for the "from:" field and check it against the >>registered users' e-mail addresses. Works fine. But I guess that's >>pretty easy to trick. >> >>I basically have two concerns: one is that a person may send an e-mail >>with fake headers. The other is that a user (or non-user) on the same >>domain with another user would be able to send messages using the second >>guy's e-mail account (that's because SMTP doesn't have any security >>mechanism and one can easily impersonate somebody else once they're >>logged on a computer with SMTP permissions on the mail server). >> >>Did anybody run into this kind of problem? Any suggestions? >> >>Thanks in advance - I'll let you know when we release this thing if >>you're interested. >> >>Bogdan >> >> >> >> >>-- >>PHP General Mailing List (http://www.php.net/) >>To unsubscribe, e-mail: [EMAIL PROTECTED] >>For additional commands, e-mail: [EMAIL PROTECTED] >>To contact the list administrators, e-mail: [EMAIL PROTECTED] > > >-- >PHP General Mailing List (http://www.php.net/) >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] >To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
