posted
I'm making the web site for our wedding and need some suggestions on the RSVP function.
I've already got a database set up and admin routines with traditional log-in security. What I need to figure out is the best way to secure the RSVP function. The wedding invites will have the URL. Guests need to be able to go to the URL, click RSVP, and then tell us how many people are coming.
The problem I'm having is identifying and verifying the person logging in. I've come up with three possible schemes:
1.) Have the person type in a last name and select from a list of matching guests. Easiest way to ID the user, but way too insecure, since my last name will be on the site and I'd expect curious people to type in my name and see my whole family or just try random names.
2.) Include a password on the invites (same for each user). This would keep casual snoopers away, but one person can spread the password for everyone.
3.) Have the person enter a code included on the invitation, based on the sequentially assigned guest ID field. I could spoof the number somehow so it's more randomly assigned (run it through a sine or natural log function and take the first 4 digits, for example). The tradeoff is more security v. less usability. If they lose the invitation (the URL is easy to remember), they won't be able to RSVP at all.
posted
Encode a unique ID in the URL to the RSVP system, as well as a password. The ID ensures each person will only see their RSVP page, and the password (which should be stored in an encrypted format in your database) will ensure that only they can access their invitation.
So the process would be:
code:
You                                           Guests
Email with ID in URL and passwords ----------->
<-------------------------------- Click on URL
Display login page requiring password -------->
<------------------------------ Enter password
Return RSVP page ----------------------------->
-Bok
EDIT: So I basically outline #3. I'd go that way, if they have issue, have an email address in the original email (called, say, RSVPissues@dagonee.is.awesome.com) that you will see if there are problems, and reset and resend a password/ID pair.
posted
I'm confused. Why are you even bothering to maintain security on a RSVP form? Does it MATTER if people can see who's attending?
posted
No - the read only info on who's attending is already secure, and pretty easily. The problem is some annoying person stumbling on the web page and RSVPing for a bunch of guests.
Bok - that sounds good, but the invites are paper. So the URL and password need to be easy to type. I think I'll do pretty much what you described.
It's an interesting design issue, because it's less a security issue and more a usability/password dissemination issue.
By the way, web programming is a lot more fun when there's no customer.
posted
Dag, why not set the RSVPs up with names attached to each? That way you can simply cull out anyone who didn't get an invitation.
posted
Mainly because I was lazy when I defined the data structure and didn't make RSVPs a separate entity from invitations. I've written the admin app, including parts that allow us to enter snail-mail RSVPs, and don't have time to change it.
Poor planning on my part, but I have been out of this for a year, so I have some excuse.
posted
Well, this issue is made easier by the non-mutability of passwords/ids. So long as they have the invitation, they can always log in... And they can mail/call/email you if they mess something up (I assume you can reset them?).
posted
And if you've done your SQL queries properly (named fields), then you should be able to just modify your database for this purpose without affecting how the rest of the site operates.
posted
See, I'm just weighing the amount of time you've spent on this versus the likelihood that an "annoying person" will feel the need to submit false RSVPs, and I'm just not sure it's necessarily worth the effort.
posted
Good point. You know of any links to good hashes to turn integers from say 1 to 100 into 4-6 character passwords? I need something I can do entirely in script, since I can't post DLLs to the server. (It's in ASP, but I can translate from Java, PHP, or C if I have to). It doesn't have to be banking secure.
My old standby is to place a text file with about 1k characters in it, and use the key value to create an interval to cycle through letters.
I've lost access to my best research tools since I left my company. Of course, normally I just said, "XXX, I make this secure."
posted
Fugu - Yes - modifying the DB for this purpose will be no problem - I accounted for some kind of password.
The big modification would have been just allowing anyone to RSVP, and matching them to invites in a batch process with manual intervention. That would have required no security, but a lot of changes at this point.
Is Inverse Hyperbolic Sine irregular enough?
Dagonee
Edit: Tom, I'm actually worried about a specific annoying person who knows enough of my friends to guess at half the guest list. He's annoying, but lazy, so almost any security that can't be immediately guessed will work.
posted
See, if that's the case, I would "solve" the problem by simply sending a confirmation E-mail to the RSVPing couple, including a phrase asking them to notify you of any errors or changes. If they receive such an E-mail WITHOUT RSVPing, they'll think to contact you.
You're dealing with a small-enough scale here that I think you might be over-engineering your solutions.
posted
Uh, you can just use a standard hash function. Like SHA1 or MD5 or MD2. They give you too many digits, but if you want you could just pick some of the digits at random, or take the last 5 or so (they're reasonably random). Hashing's pretty much a solved problem. Don't try to reinvent the wheel and all that.
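A concrete version of the "standard hash, keep a few characters" suggestion, as an added example that is not code from the thread: it derives a short invitation code from the sequential guest ID with a keyed hash (HMAC) rather than a bare MD5/SHA-1, so that someone who guesses the scheme still cannot compute every guest's code, and writes the result in an easy-to-type alphabet for paper invites. The secret, alphabet and code length are assumed values.

```python
import hmac
import hashlib

# Constructed server-side secret (assumption): generate once, store it outside
# the page source, and never print it on an invitation.
SERVER_SECRET = b"replace-with-a-long-random-secret"

# Characters that survive being read off paper: no 0/O and no 1/I/L.
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"
CODE_LEN = 6  # 31**6 (about 887 million) codes per guest ID


def invite_code(guest_id: int, secret: bytes = SERVER_SECRET) -> str:
    """Derive the invitation code printed next to the RSVP URL for one guest.

    HMAC-SHA256 of the guest ID under the server secret; the digest is then
    rewritten in the custom alphabet and truncated to CODE_LEN characters.
    A plain hash of IDs 1..100 would let anyone enumerate every code.
    """
    digest = hmac.new(secret, str(guest_id).encode(), hashlib.sha256).digest()
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(CODE_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def check_rsvp(guest_id: int, typed_code: str, secret: bytes = SERVER_SECRET) -> bool:
    """Validate what a guest typed: ignore case and spaces, compare in constant time."""
    cleaned = "".join(typed_code.split()).upper()
    return hmac.compare_digest(cleaned, invite_code(guest_id, secret))


def codes_are_unique(guest_ids) -> bool:
    """Sanity check for the guest table: no two invitations share a code."""
    codes = [invite_code(g) for g in guest_ids]
    return len(set(codes)) == len(codes)


if __name__ == "__main__":
    for gid in (1, 2, 3):
        print(gid, invite_code(gid))
    print("unique for 1..100:", codes_are_unique(range(1, 101)))
```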
posted
Tom's right, confirmation emails are your friend. And in each email, just include a URL based on the email address (hashed) which is a "change your RSVP" link.
posted
fugu, Are those hashing algorithms published anywhere? I have to rewrite them in VBScript (Web Hosting rules). Otherwise, I'd just be using the CryptoAPI and this wouldn't be an issue.
Tom - I will have confirmation emails. Adding the security shouldn't take any significant time if I've got the hashing function. It's less than half an hour's work at most, so it seemed worth it.
posted
You don't have access to basic programming libraries?! Get a real web host.
And wait a second, VBScript? This is client side?
edit: And yes, all those hashing algorithms are publicly described all over the place. They wouldn't be considered valid hashing algorithms otherwise, because no one could trust them.
If you want something more irregular, I'd just take the first 5 letters of someone's name and rotate them each through the alphabet differing amounts. It would take someone with a very good intuitive grasp of patterns to notice without studying it for a while, with only one sample.
Also, you can test if you have access to the crypto APIs simply by writing a basic page that uses them.
posted
Oh, and if you don't, I suggest using the rotation scheme I suggested above, and include numbers in the rotation. It's very hard to figure out from a single example unless you manage to guess it, which is fairly unlikely.