Users leave comments on other users' "walls". What I would like to do is to all
Question
Users leave comments on other users' "walls". What I would like to do is to allow users to reply to each other inside the email client, without logging in to BuddyPress.
My idea was this one: each comment generates an email notification, and the notification has a Reply-To field filled with a long unique identifier (UUID). I would keep in a table the tuples (UUID, messageId, notifiedUser).
On the server side, when I receive an email in, say, Postfix, I would parse the recipient to see if there is a previously generated UUID, and check if the emitter is the person to whom the notification was sent. If I find a match, I parse the email body in search of the reply, then I call some BuddyPress PHP code to insert the text inside the database.
My question is: is it secure, and what attacks is this vulnerable to?
Clearly, somebody sniffing (UUID, recipient) could immediately send garbage by impersonating the original recipient (i.e. sending an email with a forged From: field, equal to the To: field of the email he just sniffed). But is it a real concern? Which paths used by emails are encrypted?
Explanation / Answer
This is no more or less secure than sending a link in the e-mail that allows responding without having to log in. It is not particularly secure, but it is a supported feature. There is already a post by e-mail feature provided in WordPress that you may want to look into. I'm not 100% sure that it will work for posting comments, but if you do have to write your own stuff, you could base it off the existing mail-to-post functionality.
Just be aware that e-mail can easily be spoofed and is sent completely unencrypted, so anything you e-mail may be intercepted and anyone could send an e-mail appearing to be from any address unless you use some kind of e-mail signing and verification.
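As an added example (not code from the question, the answer, or BuddyPress), here is a Python sketch of the Postfix-side handler the question describes: it recovers the UUID from the recipient address, looks up the stored tuple, checks that From: matches the notified user, and strips the quoted original before the text would be handed to BuddyPress. The reply+<uuid>@example.com address format and the in-memory table are assumptions.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed lookup table standing in for the (UUID, messageId, notifiedUser)
# rows; the reply+<uuid>@example.com address pattern is an assumption.
REPLY_DOMAIN = "example.com"
TOKENS = {"3f2b5c9e-1d7a-4c28-9b62-0e4f6a8d1c35": ("msg-1001", "alice@example.com")}

def token_from_recipient(addr):
    """Return the UUID embedded in reply+<uuid>@REPLY_DOMAIN, else None."""
    m = re.fullmatch(r"reply\+([0-9a-f-]{36})@" + re.escape(REPLY_DOMAIN), addr.lower())
    return m.group(1) if m else None

def reply_text(body):
    """Keep the lines above the first quoted line or 'wrote:' attribution."""
    kept = []
    for line in body.splitlines():
        if line.startswith(">") or line.rstrip().endswith("wrote:"):
            break
        kept.append(line)
    return "\n".join(kept).strip()

def handle_inbound(raw):
    """Validate an inbound reply; return (message_id, text) or None."""
    msg = email.message_from_string(raw, policy=policy.default)
    entry = TOKENS.get(token_from_recipient(parseaddr(str(msg["To"]))[1]))
    if entry is None:
        return None  # no known UUID in the recipient address
    message_id, notified_user = entry
    # From: is attacker-controlled, so this check only screens accidents:
    # anyone holding the token can satisfy it, as the answer warns.
    if parseaddr(str(msg["From"]))[1].lower() != notified_user:
        return None
    part = msg.get_body(preferencelist=("plain",))
    return message_id, reply_text(part.get_content() if part else "")

# Constructed sample inbound reply.
SAMPLE = """From: Alice <alice@example.com>
To: reply+3f2b5c9e-1d7a-4c28-9b62-0e4f6a8d1c35@example.com
Subject: Re: new comment on your wall
Content-Type: text/plain; charset=utf-8

Thanks, see you Friday!

On Mon, Bob wrote:
> Are we still on for Friday?
"""
```

Only the From: comparison protects the token once it has been seen in transit, which is why the answer points at e-mail signing and verification as the real fix.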