sendgrid-php

Insecure Inbound Parse

Open OlegKunitsyn opened this issue 3 years ago • 0 comments

Issue Summary

Inbound Parse API does not provide any security controls against a malicious sender.

Steps to Reproduce

https://github.com/sendgrid/sendgrid-php/blob/main/USAGE.md#create-a-parse-setting

Technical Details

A backward-compatible and quick solution might be a Message Authentication Code sent via an X-MAC header, i.e. a hash of the payload salted by the API key.

References

OlegKunitsyn, Apr 07 '22 10:04
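
A sketch of the receiver-side check the issue proposes, added here as an example; it is not code from the issue author or from sendgrid-php. It uses HMAC-SHA256 in place of a plain salted hash, and the X-MAC header (the issue's proposal, not an existing feature), the hex encoding, the shared key and the function names are all assumptions.

```php
<?php
declare(strict_types=1);

// Added example: X-MAC is the header proposed in the issue, not an existing
// SendGrid feature. Key, hex encoding and function names are assumptions.

/** Sender side: MAC over the exact raw request body. */
function computeMac(string $rawBody, string $key): string
{
    return hash_hmac('sha256', $rawBody, $key);
}

/** Receiver side: true only if the header carries a valid MAC for the body. */
function verifyMac(string $rawBody, ?string $headerMac, string $key): bool
{
    // Missing or malformed header: reject before doing any comparison.
    if ($headerMac === null || preg_match('/\A[0-9a-f]{64}\z/', $headerMac) !== 1) {
        return false;
    }
    // hash_equals compares in constant time, avoiding a timing oracle.
    return hash_equals(computeMac($rawBody, $key), $headerMac);
}

// Constructed sample data (not real SendGrid traffic or a real key).
// In a webhook, the body is the raw request body and the header value
// would be read from $_SERVER['HTTP_X_MAC'].
$key  = 'constructed-demo-key';
$body = 'from=alice%40example.com&subject=Hello&text=Hi+there';
$mac  = computeMac($body, $key);

$cases = [
    'valid MAC'        => [$body, $mac],
    'tampered body'    => [str_replace('alice', 'mallory', $body), $mac],
    'missing header'   => [$body, null],
    'malformed header' => [$body, 'not-a-mac'],
];

foreach ($cases as $label => [$b, $h]) {
    printf("%-17s %s\n", $label, verifyMac($b, $h, $key) ? 'accept' : 'reject');
}
```

A MAC over the body alone does not stop a captured request from being replayed; that would require binding a timestamp or nonce into the authenticated data.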