disposable-email-imap
Make an address exclusive to the first session
Do you think it is valid if we implement a temporary cookie to block other users from accessing a given mail? As the software is today, multiple users can have access to the same mailbox, which can allow a malicious user to search for mails in all possible mailboxes on the server. The cookie should be encrypted with strong encryption and a random key for every mailbox, to keep cookie stealers from identifying which mailbox was locked to the user's browser. If we are using HTTPS, only the server will know what mail is locked to that browser. The cookie should be deleted on tab closing or if the user clicks the back or refresh button, and for every new tab, with every new mail, a new encrypted cookie should be set. We can use JavaScript onbeforeunload and onunload to first alert the user that if he leaves the page the session will be terminated and then delete the cookie.
A statement that the service stores a cookie for that should be made, of course, but such an implementation should be pretty privacy friendly.
I designed it to be open, so everybody can see everything (if the address is known).
It is similar to http://www.wegwerfemailadresse.com/ where you can access any mailbox.
What I could imagine implementing is a "secret" mailbox:
As a user I click "create secret address" and get forwarded to a unique URL /secret/12e2d49994bd963706871143d62b95f162d2969e, unrelated to the email address. The page will then show the secret email address '[email protected]'. And the email can only be accessed from that special mailbox.
I would prefer giving away URLs with tokens instead of cookies. It would be preferable to solve it with cryptography in order not to need storage.
What do you think?
This looks good to me. But I think that if we aren't going to destroy the mailbox on tab closing, the user should have the ability to delete the mailbox with only one click (like on Guerrilla Mail).
synox said: if the address is known
Well, I can keep programmatically trying to find a non-empty mailbox and potentially gain access to other people's data. As the code is open, a malicious user can actually find the weakness in the random pattern generator and find those mailboxes more easily. This is why I think users should be able to have some control over the mailboxes that they receive, because people can be not so smart and actually put sensitive information in open mailboxes even if you alert them not to.
I assume the user does not receive sensitive information. If that happens, there is however the option to delete an email. My design goal was to make the code as simple as possible and the user experience simple. Not to fight against hackers.
I made a quick prototype, please try the experience: https://github.com/synox/disposable-email-imap/tree/feature_secret
The crypto functions should be safe, the addresses just don't look so pretty. But this is security vs. usability.
The bigger security problem is the source and HTML function, they just use the message id (which is a small int), no checks. Contributions are welcome! :+1:
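One way the token-URL idea and the missing message-id check discussed above could fit together, as an added example that is not part of the thread or the project's code. `SERVER_KEY`, `DOMAIN`, the function names and the `mail_store` layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumptions: one long-lived server-side key and a placeholder domain.
SERVER_KEY = secrets.token_bytes(32)
DOMAIN = "example.test"


def new_secret_token() -> str:
    """Random 160-bit token used in the /secret/<token> URL."""
    return secrets.token_hex(20)


def address_for_token(token: str, key: bytes = SERVER_KEY) -> str:
    """Derive the mailbox address from the URL token, so nothing is stored.

    HMAC is one-way: knowing the address does not reveal the token.
    """
    digest = hmac.new(key, token.encode(), hashlib.sha256).hexdigest()
    return f"{digest[:20]}@{DOMAIN}"


def fetch_source(mail_store: dict, token: str, message_id: int,
                 key: bytes = SERVER_KEY) -> str:
    """Return a message's raw source only if it belongs to the token's mailbox.

    The small integer id alone never selects a message; the recipient must
    match the address derived from the caller's token.
    """
    message = mail_store.get(message_id)
    if message is None:
        raise KeyError("no such message")
    owner = address_for_token(token, key)
    if not hmac.compare_digest(message["to"].lower().encode(), owner.encode()):
        raise PermissionError("message is not in this mailbox")
    return message["raw"]


if __name__ == "__main__":
    # Constructed sample data: two secret mailboxes, one message each.
    alice, bob = new_secret_token(), new_secret_token()
    store = {1: {"to": address_for_token(alice), "raw": "Subject: for alice"},
             2: {"to": address_for_token(bob), "raw": "Subject: for bob"}}
    print(fetch_source(store, alice, 1))
    try:
        fetch_source(store, alice, 2)  # guessing the neighbouring id
    except PermissionError as exc:
        print("denied:", exc)
```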
Would you accept a patch for that request? I'll be very busy this month, but would try to write it next month.
Please make a fork, create a new branch and then create a pull request.
Love this feature, great job synox
Hey @zmjwong, I noticed you already use this feature in production (beta).
Please note that https://github.com/synox/disposable-email-imap/issues/4 has to be fixed first. Also consider making a fork with your improvements.