Security considerations processing emails
Posted by Timmy O' Tool on Stack Overflow
Published on 2010-05-27T19:42:52Z
Indexed on 2010/05/27 19:51 UTC
I have a process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject, body and image path (the image will be saved on the process).
I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover.
I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitizing, just in case. Any suggestions?
I'm only accepting images as attachments, as I said above. Are there any security risks I have to take into account in relation to the attachments?
Thanks!
© Stack Overflow or respective owner
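The "keep only `<p>`, HTML encode everything else" idea from the question, as an added example that is not part of the original post: rather than editing the untrusted markup, it rebuilds the output from parser events, so the only raw tags that can appear are bare `<p>` and `</p>`. The names `ParagraphOnlyRenderer`, `render_body` and `render_subject` are hypothetical, and dropping the text inside `script` and `style` elements is an assumption.

```python
import html
from html.parser import HTMLParser

ALLOWED = {"p"}                     # the only tag the post wants to keep
DROP_CONTENT = {"script", "style"}  # assumption: their text is never displayed


class ParagraphOnlyRenderer(HTMLParser):
    """Rebuild the body from parser events; nothing from the input is copied raw."""

    def __init__(self):
        # convert_charrefs=True decodes entities first, so text that arrives
        # already encoded (&lt;script&gt;) is re-encoded on output, not trusted.
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self.skip_depth += 1
        elif tag in ALLOWED and not self.skip_depth:
            self.out.append("<p>")   # attributes (onclick, style...) are discarded

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif tag in ALLOWED and not self.skip_depth:
            self.out.append("</p>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))


def render_body(untrusted_html):
    """Return display-safe markup containing only <p>, </p> and encoded text."""
    parser = ParagraphOnlyRenderer()
    parser.feed(untrusted_html)
    parser.close()
    return "".join(parser.out)


def render_subject(untrusted_text):
    """The subject needs no markup at all, so it is encoded in full."""
    return html.escape(untrusted_text, quote=True)
```

The sender value saved alongside the subject can go through `render_subject` as well, since it is equally attacker-controlled.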