Chapter 15: E-campaign System

Security Considerations

The checksum algorithm used to build trackable URL links and the unsubscription URL must be changed before you use the redir.php and unsub.php applications in real-world email campaigns. At the very least, change the value of $SECRET in the configuration file. Because the current algorithms are published in the book, anyone who has read it can work out how to defeat them.

For example, the computeCheckSum() method in the redir.php application can be changed to:

    function computeCheckSum()
    {
        global $SECRET;
        // Tracking fields taken from the incoming request
        $u   = $this->getRequestField('u');
        $uid = $this->getRequestField('uid');
        $c   = $this->getRequestField('c');
        // Combine the fields with shifts that are not the ones printed in the book
        return ($u << 4) + ($uid << 3) + ($c << 7) + $SECRET;
    }

This version uses different bit shifts for $u, $uid, and $c. Of course, you should choose your own values and keep them private. A better approach is to design a completely new algorithm that does not rely on the same bit-shifting technique at all; I will leave that to you to develop.

Summary

In this chapter you learned to develop a simple email campaign system that sends personalized, URL-tracked HTML messages to email addresses found in MySQL databases. Note that because the system uses your default mail transport agent (that is, your mail server), performance will vary with your mail server's capabilities.
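The shift-based checksum in the Security Considerations section is a linear function of $u, $uid, and $c with $SECRET as a single additive constant, so the keyed part cancels out when two links are compared; changing the shift amounts does not change that structure. A keyed MAC does not have this weakness: the secret is mixed into every bit of the output, and a link cannot be altered or forged without it. The following is an added example of that replacement, written for this page and not taken from the book or its redir.php code. It assumes $SECRET holds a long random value loaded from the configuration file as the chapter describes; the function names, the https://example.com base URL, and the sample field values are this example's own.

```php
<?php
// Added example: HMAC-signed tracking parameters for a redir.php-style link.
// Function names and sample values are assumptions made for this example.

// Fixed field order so the signer and the verifier hash exactly the same bytes.
function canonical_tracking_string(array $params): string
{
    return implode("\n", [$params['u'], $params['uid'], $params['c']]);
}

// Keyed MAC over the three tracking fields; hash_hmac is a PHP built-in.
function sign_tracking_params(array $params, string $secret): string
{
    return hash_hmac('sha256', canonical_tracking_string($params), $secret);
}

// Recompute the MAC on the server and compare in constant time (hash_equals),
// so a forged or tampered link is rejected without leaking timing information.
function verify_tracking_params(array $params, string $secret): bool
{
    if (!isset($params['u'], $params['uid'], $params['c'], $params['sig'])) {
        return false;
    }
    $expected = sign_tracking_params($params, $secret);
    return hash_equals($expected, (string) $params['sig']);
}

// Build the trackable link that goes into the outgoing email.
function build_tracking_url(string $base, array $params, string $secret): string
{
    $params['sig'] = sign_tracking_params($params, $secret);
    return $base . '?' . http_build_query($params);
}

// Demonstration with constructed values (placeholder secret, not a real one).
$SECRET = 'replace-with-a-long-random-secret-from-the-config-file';

$link = build_tracking_url(
    'https://example.com/redir.php',
    ['u' => 42, 'uid' => 1001, 'c' => 7],
    $SECRET
);
echo $link, "\n";

// Server side: parse the query string back into fields and verify the signature.
parse_str((string) parse_url($link, PHP_URL_QUERY), $received);
var_dump(verify_tracking_params($received, $SECRET));

// Any change to a signed field invalidates the link.
$received['uid'] = 1002;
var_dump(verify_tracking_params($received, $SECRET));
```

Because the MAC covers all three fields together, a recipient cannot substitute another $uid into their own link to unsubscribe someone else or attribute clicks to them. Keep $SECRET long and random, store it outside the web root, and rotate it if you suspect it has been exposed; links signed under the old secret will then fail verification and can be handled as stale rather than trusted.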