Hi all:

When encrypting with md5, for example, am I correct in thinking that you cannot just encrypt an email address? For example...

MySite.com/delete.php?email=johndoe@aol.com

becomes

MySite.com/delete.php?email=013ba2d18b09725a3675927a657144ed

Now let's say that John Doe was a competitor of Joe Smith. Couldn't Joe Smith go to http://www.adamek.biz/md5-generator.php and type in "johndoe@aol.com", get the encrypted email and delete his competitor from my table?

Is the answer to never just encrypt an email address but to encrypt an email address + some publicly unknown variable such as the record ID?

So now it would be

MySite.com/delete.php?email=johndoe@aol.com437

becomes

MySite.com/delete.php?email=db08aea2372212f94ba503411ad2f32a

and unless Joe Smith knows John Doe's record ID (highly unlikely) the code is somewhat safe.

sha1 would be the same reasoning.

Comments appreciated before I go ahead with a big project.

    I would expect there to be a log in restricting what John Doe\Joe Smith can do

      Not necessarily. What about a remove link from an email list?

        I can't see you letting someone remove any address but their own, except for an administrator.

          In your example, unless Joe Smith has access to your database, it doesn't matter if he gets the md5 checksum or not. Further, if Joe has access to your database, you have more to worry about than him deleting his competitor's email address.

            I fully agree. But my point is, let's say the link to remove John Doe's email is:

            MySite.com/delete.php?email=013ba2d18b09725a3675927a657144ed

            John Doe clicks on it and is removed. But let's say John Doe is very devious and he knows his competitor Joe Smith is on the mailing list too. Now John Doe can go to http://www.adamek.biz/md5-generator.php, type in Joe Smith's email address and convert it and then replace the link on his (John Doe) delete link with Joe Smith's email address delete link and delete Joe Smith.

              you could have just asked that question in the first place.

              I store a 32 character hash for every user in the db, that is used for any external request unsub\delete etc.

              $hash=md5(uniqid(mt_rand(),true));

                to update an existing table:

                update users set hash=MD5(UUID())

                  OK, so you would never base an encrypted record on an email address in the first place. You would use the random hash as the identifier?

                    dagon;10975842 wrote:

                    you could have just asked that question in the first place.

                    I store a 32 character hash for every user in the db, that is used for any external request unsub\delete etc.

                    $hash=md5(uniqid(mt_rand(),true));

                    LOL! Sometimes I need to learn the hard way! :rolleyes:

                      Square1;10975844 wrote:

                      OK, so you would never base an encrypted record on an email address in the first place. You would use the random hash as the identifier?

                      Correct, then it's not reversible, they could guess (a lot), but for most cases this is safe 'enough'
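
The approach the thread converges on, as an added example that is not any poster's code: each user row gets a random token unrelated to the email address, and the delete handler accepts only that token. It uses `random_bytes()` (the OS CSPRNG, PHP 7+) in place of the `md5(uniqid(mt_rand(),true))` shown above; the `users` table layout, the `unsub_token` column, the `t` parameter, the function names and the sample addresses are assumptions made for the example.

```php
<?php
// Added example: table, column and function names are hypothetical.
// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    email TEXT UNIQUE,
    unsub_token TEXT UNIQUE
)');

// 16 bytes from the OS CSPRNG -> 32 hex characters, not derived from the email.
function newToken(): string
{
    return bin2hex(random_bytes(16));
}

function addUser(PDO $db, string $email): string
{
    $token = newToken();
    $stmt = $db->prepare('INSERT INTO users (email, unsub_token) VALUES (?, ?)');
    $stmt->execute([$email, $token]);
    return $token; // goes into the mailed link: delete.php?t=<token>
}

// Logic for delete.php: the token is the only identifier it accepts.
function unsubscribe(PDO $db, string $token): bool
{
    // Reject anything that is not exactly 32 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{32}\z/', $token)) {
        return false;
    }
    $stmt = $db->prepare('DELETE FROM users WHERE unsub_token = ?');
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

$john = addUser($db, 'johndoe@example.com');
$joe  = addUser($db, 'joesmith@example.com');

// John knows Joe's address, but md5 of it is not Joe's stored token.
var_dump(unsubscribe($db, md5('joesmith@example.com')));
// John's own token removes his row; a second use matches nothing.
var_dump(unsubscribe($db, $john));
var_dump(unsubscribe($db, $john));
// Number of rows left in the table.
var_dump((int) $db->query('SELECT COUNT(*) FROM users')->fetchColumn());
```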
