Hi all!
Yesterday I released an interesting (at least to me) little “information center” for email clients (supporting Entourage, Mail, Mailsmith and PowerMail).
Basically, you, as an end user, send me a message with the subject “commander?doSomething=whatever”. In my email client, the script “commander” is executed with the provided parameters. These parameters will call the requested module (for example “sendMeDocs”), which is another script that will execute some actions and return a result. This result is commonly the body of the answer to the original message and could also include attachments.
I use it, for example, when I’m away from home and need information from my databases or entries in my Address Book, and even as a print center, where I send a document and it is returned as PDF or passed to the printer.
Well, it works fine for me.
However, when I release this to the public domain, there is a great inconsistency: security. Though “commander” keeps a list of authorized email addresses or domains, you know it is very easy to fake an email address. Though it is very difficult for me to guess whether you installed “commander” on your machine attached to a very particular email account, I could still send you an email and test if it is installed, so this is a so-called “security hole”.
You can see the first warnings here:
http://www.macupdate.com/info.php/id/13434
http://www.versiontracker.com/dyn/moreinfo/macosx/21671
http://scriptbuilders.net/category.php?id=1581
Well, there are two solutions:
- Forget “commander” and trash it forever.
- Attempt to create a security system.
I’d like to take a look at the security system stuff and I’d like some help from you. I thought of the following:
- Create a simple permissions manager where a particular mail address has an associated password. This password may ride from mail to mail as plain text. So, potential hackers may catch it, though it is not very probable that there are hackers looking at my poor bytes.
- Instruct the user to change the name of “modules”. commander will execute the following actions when this is the subject:
commander?moduleName=parameters
Then it will execute “moduleName”. If you change the name of the provided module “help” to “sdfksfduoiewriuoifdsoiu”, it may be difficult for someone to guess the name of such a module and, consequently, attempt to access its capabilities.
However, the stupid hacker could still listen to the connection.
Well… I’m missing here. Any ideas?
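
One way to avoid sending the password as plain text, as an added example that is not part of the original post or of commander itself: each authorized address shares a secret with the server and signs the subject with an HMAC plus a timestamp, so a listener cannot learn the secret or resend a captured subject. The `ts` and `sig` fields, the function names and the sample address and secret are assumptions made for this sketch.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote

# Constructed sample data: per-address shared secrets (never sent in mail).
SECRETS = {"alice@example.org": b"constructed-demo-secret"}
MAX_SKEW = 300   # seconds a signed subject stays valid
_seen = set()    # signatures already accepted (replay cache, unbounded here)


def _mac(secret, sender, module, params, ts):
    # Bind the signature to sender, module, parameters and time.
    msg = "\n".join([sender.lower(), module, params, str(ts)]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_subject(sender, module, params, now=None):
    """Sender side: build 'commander?module=params&ts=...&sig=...'."""
    ts = int(now if now is not None else time.time())
    sig = _mac(SECRETS[sender.lower()], sender, module, params, ts)
    return f"commander?{quote(module)}={quote(params)}&ts={ts}&sig={sig}"


def verify_subject(sender, subject, now=None):
    """Receiver side: return (module, params) if authentic, else None."""
    now = int(now if now is not None else time.time())
    secret = SECRETS.get(sender.lower())
    prefix, _, query = subject.partition("?")
    if secret is None or prefix != "commander":
        return None                      # unknown address or not a command
    fields = parse_qsl(query, keep_blank_values=True)
    if len(fields) != 3 or fields[1][0] != "ts" or fields[2][0] != "sig":
        return None                      # unsigned or malformed subject
    (module, params), (_, ts), (_, sig) = fields
    if not ts.isdecimal() or abs(now - int(ts)) > MAX_SKEW:
        return None                      # stale or malformed timestamp
    expected = _mac(secret, sender, module, params, int(ts))
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None                      # wrong secret or altered command
    if sig in _seen:
        return None                      # captured subject sent again
    _seen.add(sig)
    return module, params
```

This authenticates the command but does not hide it: anyone listening on the connection still sees the module name and parameters.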