By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
428,759 Members | 1,727 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 428,759 IT Pros & Developers. It's quick & easy.

PHP and Protecting Email

P: n/a
Jim
I have contact info including email address in MySQL. If I use php to
extract them into online directory, can a spambot harvest the address? or
does the spambot read the raw php code?

I previously used javascript to hide my email addresses but more and more
people are disabling javascripting for security reasons. I need to find a
way to keep my email address from being harvested.

Does encoding the email with Ultimate Mailto (hex and dec code) help?

How can I protect the emails in MySQL when they are displayed on a page?

Thanks

Jul 17 '05 #1
Share this Question
Share on Google+
2 Replies


P: n/a
"Jim139" wrote:
I have contact info including email address in MySQL. If I use php to extract them into online directory, can a spambot harvest the address? or
does the spambot read the raw php code?

I previously used javascript to hide my email addresses but more and more
people are disabling javascripting for security reasons. I need to
find a
way to keep my email address from being harvested.

Does encoding the email with Ultimate Mailto (hex and dec code) help?
How can I protect the emails in MySQL when they are displayed on a
page?

Thanks


spambot is not going to read php, and is only going to read the html
rendered page.

The rest of your question really does not pertain to a php newsgroup,
and you should be able to find your answer elsewhere. In my case, I
hide it behind a button and a text box. A certain text string has to
be inserted in the text box, and the button pushed until the email
address becomes visible. Something beyond the reach of a bot.

There are also many other solutions.

--
http://www.dbForumz.com/ This article was posted by author's request
Articles individually checked for conformance to usenet standards
Topic URL: http://www.dbForumz.com/PHP-Protecti...ict130515.html
Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.dbForumz.com/eform.php?p=435421
Jul 17 '05 #2

P: n/a
>I have contact info including email address in MySQL. If I use php to
extract them into online directory, can a spambot harvest the address? or
does the spambot read the raw php code?
Clients do not read raw php code. The server won't send it.
(Unless you manage to break PHP, e.g. briefly while upgrading it,
or misconfigure it, e.g. naming a PHP script foo.pjp, which the
server treats as text.) If you're concerned about harvesting
email addresses, also worry about your database password, which
could give away the mother lode of spam targets.

If the email address is sent to a client, you can assume that a
spambot *WILL* harvest it, unless you limit access to that page to
a small group of trusted people with passwords or some other
authentication method. The mere idea of having an "online directory"
invites spam.
I previously used javascript to hide my email addresses but more and more
people are disabling javascripting for security reasons. I need to find a
way to keep my email address from being harvested.
Javascript is nearly worthless for hiding email addresses from
spambots (aside from the fact that it is Turned Off(tm) and a
Security Hole(tm)). Spambots likely just do a regular-expression-match
on email addresses in amongst the HTML and Javascript code; they
don't actually bother to format any of it, much less run any
Javascript. (If it shows up looking like an email address with
View Source, it's vulnerable). Whether or not actual people with
browsers run Javascript is not very relevant here. They aren't
your main threat. However, if you ARE worried about them, remember
that cut 'n paste or eyeball-and-keyboard can harvest stuff designed
to be 'bot-proof.
Does encoding the email with Ultimate Mailto (hex and dec code) help?
I don't know what this is.
How can I protect the emails in MySQL when they are displayed on a page?


If they are displayed on a page, anyone who can view that page
can harvest them. The solutions are (a) DON'T display them, or
(b) severely limit who you display them to. One approach is to
only display email addresses the user already knows (his own).

One possibility is to render the email address into an image
using an unusual font (say, the Kidnap font) and transfer it
as an image. That's still vulnerable if any spammer manages
to convince one of your people with access to transcribe it
for them with promises of $$$.

Gordon L. Burditt
Jul 17 '05 #3

This discussion thread is closed

Replies have been disabled for this discussion.