1

I'm working on a website that allows a current user to invite another individual to be friends by typing in the non-user's email address. The non-user would then receive a custom registration url by email which would, when used, automatically connect the two users, giving each access to the other's private information.

The custom registration urls will be somewhat protected by use of cryptographically random nonces (i.e., site.com/very-long-random-nonce), hopefully protecting against replay attacks or people simply guessing someone else's registration link.

My concern is that, if the email should be intercepted in transit, the interceptor could gain access to the inviting user's private information. How can I ensure that only the intended recipient will receive and use a custom registration url?

Nathan Arthur
  • 113
  • 5

3 Answers3

2

For this your main concern is making sure that the information is only accessible to the intended recipient; which sounds a lot like what public cryptography / PGP tries to achieve.

Unless you want to see if the target non-user has a PGP key published, or if you can get his certificate to encrypt the email with his public key; I think you'd just need to assume that he/she will be the one reading the email.

Another note is that a user can determine whether this person is really who he/she claims to be, maybe by inserting a secret question that only the recipient know. But that would make it a pain to use.

ndrix
  • 3,206
  • 13
  • 17
  • I'm accepting this for suggesting having the original user review the new user's registration some how. This is what I'm going to go with. I'll be requiring email address validation on registration, and then requiring the original user to review the new user's info should the new user use an email address different than that which the original user used in his invitation. – Nathan Arthur Apr 15 '14 at 13:26
1

I don't think you can. You know nothing about the intended recepient, so whomever receives and uses the link is as likely as anyone else to be the right guy. A common half-measure is to make the link valid only for a short time.

ddyer
  • 1,974
  • 1
  • 12
  • 20
0

What if instead you sent them a generic link that takes them to a page on your site which then generates a random, temporary url for them and forwards them to the registration page.

Python Novice
  • 531
  • 1
  • 6
  • 11
  • I think that's what he meant with the "site.com/very-long-random-nonce"; it could still be intercepted though. – ndrix Apr 16 '14 at 05:43