PHP Developers Network

A community of PHP developers offering assistance, advice, discussion, and friendship.
 

All times are UTC - 5 hours




Posted: Wed Jun 20, 2012 2:44 am
Forum Contributor

Joined: Fri Jul 09, 2004 1:23 am
Posts: 422
I am thinking about how to implement an email change function in light of the worst case scenario and how to revert it if it was malicious.

In light of people choosing the easiest possible password that I let them choose, I have to deal with a hacked account or a colleague using the logged-in account to change the email just for fun.

If I change a customer's email, I have to deal with the possibility that I am handing over his account to someone else.

My approach is the following:

- I ask for the password again when the email is changed
- I create 2 emails, one to the old address and one to the new. Both include a different hash. The one to the new is obvious, as it is used for validation. The one to the old includes 2 links, one to finalize the change and one to deny the change in case of a malicious change request.

I change the email address on validation, but I keep the possibility to reverse it if the user e.g. comes back from vacation and notices the problem.

Is this enough precaution or do I need more? I might be totally paranoid about this but I can think of a couple of scenarios where I might think that an automated email change system might be completely a bad idea ...
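The flow described in the post above, as an added example that is not code from any poster in the thread: a password re-check, then two independent single-purpose tokens, one for the new address (confirm) and one for the old address (deny or undo), stored only as hashes. The function names, the in-memory arrays standing in for database rows, the token lifetimes, and a `password_hash()`-style stored password are assumptions; the old-address "finalize" link is left out to keep the example to one core case.

```php
<?php
declare(strict_types=1);

// Assumed lifetimes, not from the thread: confirm link 24 h, revert link 30 days.
const CONFIRM_TTL = 86400;
const REVERT_TTL  = 30 * 86400;

/** Returns [token for the e-mail link, SHA-256 hash to store]. */
function issueToken(): array
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
    return [$token, hash('sha256', $token)]; // the raw token is never stored
}

/** Step 1: re-check the password, then create a pending change with two separate tokens. */
function requestEmailChange(array $user, string $password, string $newEmail, int $now): ?array
{
    if (!password_verify($password, $user['password_hash'])) {
        return null;                         // wrong password: nothing is created
    }
    [$confirm, $confirmHash] = issueToken(); // goes to the NEW address
    [$revert, $revertHash]   = issueToken(); // goes to the OLD address
    $pending = [
        'old_email' => $user['email'], 'new_email' => $newEmail, 'state' => 'pending',
        'confirm_hash' => $confirmHash, 'confirm_expires' => $now + CONFIRM_TTL,
        'revert_hash'  => $revertHash,  'revert_expires'  => $now + REVERT_TTL,
    ];
    return ['pending' => $pending, 'confirm_token' => $confirm, 'revert_token' => $revert];
}

/** Step 2: handle a clicked link. Returns 'confirmed', 'reverted' or 'rejected'. */
function redeemToken(array &$user, array &$pending, string $token, int $now): string
{
    $hash = hash('sha256', $token);
    if (hash_equals($pending['revert_hash'], $hash) && $now <= $pending['revert_expires']
        && $pending['state'] !== 'reverted') {
        $user['email'] = $pending['old_email']; // deny before, or undo after, confirmation
        $pending['state'] = 'reverted';
        return 'reverted';
    }
    if (hash_equals($pending['confirm_hash'], $hash) && $now <= $pending['confirm_expires']
        && $pending['state'] === 'pending') {
        $user['email'] = $pending['new_email'];
        $pending['state'] = 'confirmed';
        return 'confirmed';
    }
    return 'rejected';                          // unknown, expired or already used
}
```

Because the revert token outlives the confirm token and is accepted in both the `pending` and `confirmed` states, the owner of the old mailbox can still undo a change that was already validated from the new address.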


Posted: Thu Jun 21, 2012 5:55 am
DevNet Master

Joined: Sun Feb 15, 2009 12:08 pm
Posts: 2775
Location: .za
To ask for the password when changing the email address is a good idea; a correct combination of both doesn't always indicate the owner of the account. I'm not so sure about sending a validation email to the new address; it feels to me like a bit of overkill.

If the correct password is provided, for both login and the request to update information, you can only assume the user is the valid owner of the account. A user also has an obligation to keep sensitive information secure.

AGISB wrote:
In light of people choosing the easiest possible password that I let them choose

You should force a format for the passwords here (if you don't already): at least 8 characters in length, and those characters should be a mix of alphanumeric characters and non-word characters; generate passwords if you must.

_________________
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering


Posted: Fri Jun 22, 2012 2:22 am
Forum Contributor

Joined: Fri Jul 09, 2004 1:23 am
Posts: 422
The validation email to the new account is just to make sure the email is correct, as my application requires a valid email so I can contact the user.

My problem was that I used the email address as username as well, but I changed this, so most of the problems I had with changing the mail are gone now ;)


Posted: Sun Jun 24, 2012 5:41 pm
DevNet Master

Joined: Thu Mar 15, 2007 6:28 pm
Posts: 2765
Location: Redding, California
AGISB wrote:
The validation email to the new account is just to make sure the email is correct, as my application requires a valid email so I can contact the user.

It seems to me like that's the user's problem, not yours. However, there is a security problem with not confirming it. A malicious user could conceivably create an account under an email, change it to a nonexistent email, and then register again with the first email. Using this method, the person could create as many accounts as they like with only one valid email address. A good way to circumvent that would be to put a hold on the email for, say, 36 hours before allowing any particular email to be re-registered.

Overall, I don't think you need to be too worried about it; most sites are pretty lax in dealing with changing emails, I find, and there's not too much trouble.

