Security considerations processing emails

Posted by Timmy O' Tool on Stack Overflow
Published on 2010-05-27T19:42:52Z Indexed on 2010/05/27 19:51 UTC

I have a process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject, body and image path (the image will be saved on the process).

I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover.

I plan to sanitize the subject and body of the email. I can remove most of the tags; probably it would be enough to keep the <p> tag. I'm not sure if I can trust just a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitizing, just in case. Any suggestions?

I'm only accepting images as attachments, as I said above. Is there any security risk I have to take into account in relation to the attachments?

Thanks!
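
An added example, not part of the original post: one way to implement the "encode everything except `<p>`" idea together with a content-based image check, in C#. The names `MailIntake`, `EncodeExceptP`, `DetectImageExtension` and `NewStoredName` are hypothetical, and the inputs in `Main` are constructed samples.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Text;

static class MailIntake
{
    // Encode the whole string first, then restore only the bare <p> and </p>
    // tokens. A tag carrying attributes (<p onclick=...>) or any other tag
    // never matches the restore step and is rendered as inert text.
    public static string EncodeExceptP(string untrusted)
    {
        string encoded = WebUtility.HtmlEncode(untrusted ?? string.Empty);
        return encoded.Replace("&lt;p&gt;", "<p>").Replace("&lt;/p&gt;", "</p>");
    }

    // Returns a server-chosen extension for the detected type, or null to
    // reject. The sender's file name and declared Content-Type are ignored.
    public static string DetectImageExtension(byte[] data)
    {
        if (data == null) return null;
        if (StartsWith(data, 0xFF, 0xD8, 0xFF)) return ".jpg";
        if (StartsWith(data, 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A)) return ".png";
        if (StartsWith(data, 0x47, 0x49, 0x46, 0x38, 0x37, 0x61)) return ".gif"; // GIF87a
        if (StartsWith(data, 0x47, 0x49, 0x46, 0x38, 0x39, 0x61)) return ".gif"; // GIF89a
        return null;
    }

    static bool StartsWith(byte[] data, params byte[] magic) =>
        data.Length >= magic.Length && data.Take(magic.Length).SequenceEqual(magic);

    // The stored name is generated here, so nothing from the email reaches the file system path.
    public static string NewStoredName(string extension) =>
        Guid.NewGuid().ToString("N") + extension;

    static void Main()
    {
        // Constructed sample body: one allowed tag, one <p> with an attribute, one other tag.
        string body = "<p>Hello</p><p onclick=\"x()\">hi</p><img src=x onerror=alert(1)>";
        Console.WriteLine(EncodeExceptP(body));

        // Constructed attachments: a PNG signature, and HTML sent under an image name.
        byte[] png = { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0x00 };
        byte[] fake = Encoding.ASCII.GetBytes("<html><script>alert(1)</script></html>");
        foreach (byte[] attachment in new[] { png, fake })
        {
            string ext = DetectImageExtension(attachment);
            Console.WriteLine(ext == null ? "rejected" : "stored as " + NewStoredName(ext));
        }
    }
}
```

The signature check only identifies the claimed format; decoding and re-encoding the image with an image library, and serving stored files with a fixed image Content-Type, narrow the risk further. The sender field should go through plain `WebUtility.HtmlEncode` with no tags restored.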
