在PHP中发送安全电子邮件的最佳方式是什么? [英] What is the best way to send a secure email in PHP
问题描述
我正在使用PHPExcel创建XLS文档,以防这有助于。 p>
感谢任何帮助!
Metropolis
加密电子邮件是最安全的方式来做它。如果您有服务器的控制权,您可以安装GPG,并从命令行调用它,以使用密钥对电子邮件进行加密。收件人的缺点是需要一个插件到他们的电子邮件客户端和公钥来解密消息。
一个稍微不那么安全的方式,但最终用户更容易发送一个包含用于下载XLS文件的人的链接的普通电子邮件。然后XLS文件存储在密码保护区后面。使用HTTPS加密页面和下载。此外,您可以使用MD5创建一次HASH,或者更好的是由PHP脚本生成并存储在与文件相关的数据库中的SHA256。将其作为链接参数发送,并将其过期。这使得无意的人更难以访问链接。
第二种方法也可以在任何允许您执行SSL的主机上使用。无需对服务器进行特殊访问。
I wrote a PHP script which will run every Monday using cron. In this email I am attaching an XLS document which contains sensitive information. What is the best way to secure this email? Can I set a password on the XLS document? Can I encrypt the email and only allow the correct receiver to have authorization to open it?
I am using PHPExcel to create the XLS docuement, in case this helps.
Thanks for any help!
Metropolis
Encrypting the email is the most secure way to do it IMHO. If you have control of the server you can install GPG and call it from the command line to encrypt the email with a secret key. The downside is the recipient will require a plugin to their email client and the public key to decrypt the message with.
A slightly less secure way but easier on your end user is to send a plain email containing a link for the person to download the XLS file. The XLS file is then stored behind a password protected area. Use HTTPS to encrypt the page and the download. Additionally you could create a one time HASH using MD5, or better, SHA256 that is generated by the PHP script and stored in a database in relation to the file. Send that as a link parameter and have it expire. That makes it much more difficult for an unintended person to access the link.
The second method also has the benefit of being available on any host that will let you do SSL. No need to have special access to the server.
这篇关于在PHP中发送安全电子邮件的最佳方式是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
