4

I am developing an admin panel for the company I'm working at, and was wondering about something. I want to increase the experience for the employee. I want them to be able to connect to their email by entering the login credentials, and then read the emails inside the admin panel. What I need help with is this:

If I establish an imap_open connection, I need the password in plain text (as far as I know). I can't safely save the password in the database knowing that it would be a catastrophe if a hacker got their hands on the data.

Basically, I want to:

  • Create an imap_open connection with an ENCRYPTED password. Preferably as bcrypt.

Do any of you know how to do this? I've searched on Google, and even seen some other questions on Stack Overflow, but I can't seem to find an answer to the question. I would NEVER save the password as plain text. And just using a COOKIE or SESSION seems cumbersome... for the admin to log in to their email all the time, when all I want is for the email to load for the appropriate admin account when logged in.

Teskon
  • How could this possibly work? – Jonathon Reinhart Apr 26 '14 at 21:52
  • I've seen a PHP application that encrypts an imap password in the database, and decrypts it when needed. However, a look in the code and a malicious user can decrypt your password! If not mission critical, couldn't you ask for the password and store it in memory until the task is done? – Luke Madhanga Apr 26 '14 at 21:55
  • Why not have them enter their password to see their e-mails? I have an application where I must store user credentials. I use asymmetric RSA encryption. The password is encrypted server-side before it's ever sent to me, and decrypted on a completely different server for use later on. If someone attacks the web server, unless they hop to my application server they are unlikely to recover the key. – Brad Apr 26 '14 at 21:55
  • What I want, is basically show the recent emails for the admin account when logged into their admin account where everything admin-ish is done (creating blog entries, editing employees).. I don't want them to login one more time after they've already logged into their admin account because it's not that user friendly.. – Teskon Apr 26 '14 at 21:57
  • If you can connect to the mail server based only on the encrypted password, so can an evil blackhat attacker. The attacker can't recover the key, but also doesn't need to. – arnt Apr 27 '14 at 11:09
  • bcrypt is not an encryption function (as it is not reversible) – Max Apr 27 '14 at 15:17

3 Answers

1

If I'm understanding correctly, you want to:

  • store the user's password securely on their machine
  • use it to connect to the mail server
  • download email

Storing the user's password in plaintext is clearly a no-no. There are different ways you can handle this. The application could actually request the password from the user, which is an easy but not very convenient solution.

Usually passwords are stored using one-way hashing schemes such as SHA256 or bcrypt, but that means that you can only check whether a password matches them; you can't retrieve the password and send it elsewhere. So you have to turn to symmetric key encryption. You store the encrypted password somewhere (in a database), and when you need it you retrieve it, decrypt it, and send it over your IMAP connection. The problem with encryption is that it relies on a key, which may be compromised at some point, but hashing is not an option if you need to retrieve it.

The other thing to note is the risk in sending the password in cleartext. This is very much taken care of if your server uses SSL.

Gigi
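The store-encrypted, decrypt-on-use flow described in the answer above, as an added PHP example that is not code from the answer. It uses libsodium's secretbox and assumes the key is kept outside the database in an environment variable; the name IMAP_PW_KEY and the sample password are constructed for illustration.

```php
<?php
// Added example: IMAP password encrypted at rest with libsodium (PHP >= 7.2).
// Assumption: the 32-byte key is kept outside the database, base64-encoded in
// an environment variable; the name IMAP_PW_KEY is hypothetical.

function load_key(): string
{
    $key = base64_decode((string) getenv('IMAP_PW_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('IMAP_PW_KEY missing or wrong length');
    }
    return $key;
}

// Returns base64(nonce || ciphertext) for a database column.
function seal_password(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per record
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Reverses seal_password(); throws on a wrong key or a modified stored value.
function open_password(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored value is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($box, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or altered data');
    }
    return $plain;
}

// Constructed key and password so the script runs offline.
putenv('IMAP_PW_KEY=' . base64_encode(sodium_crypto_secretbox_keygen()));
$key    = load_key();
$stored = seal_password('constructed-example-password', $key);
$plain  = open_password($stored, $key);
echo ($plain === 'constructed-example-password') ? "round trip ok\n" : "mismatch\n";

// The application would hand $plain to imap_open() over an SSL/TLS mailbox
// string at this point, then wipe both secrets from memory.
sodium_memzero($plain);
sodium_memzero($key);
```

A database dump alone yields only the sealed values; anyone who also obtains the key can decrypt every stored password, which is the key-compromise risk the answer names.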
-1

Yes, of course AUTHENTICATE PLAIN encodes a password. But servers which support admin access allow you to encode the admin's password along with the user's name so you can access the user's account.

    use MIME::Base64;

    # Fields: user to act as, admin who authenticates, admin's password
    $login_str = sprintf("%s\x00%s\x00%s", $user_name, $admin_name, $admin_pwd);
    $login_str = encode_base64($login_str, "");

When you use the encoded string in an AUTHENTICATE PLAIN login you are given access to the user's account. And you don't need the user's password.

If you do this with AUTH PLAIN...

    sprintf("%s\x00%s\x00%s", $user_name, $user_name, $user_pwd);

Then you get access to the user's account. But supplying admin credentials seems to do what the OP wants to do without storing passwords.

Zakaria Acharki
Rick Sanders
  • ...at the expense of having a single password in cleartext which can access everything else. It is up to you to evaluate whether this tradeoff makes sense in your particular setup. – Jan Kundrát May 05 '14 at 17:53
  • Again, this answer is totally irrelevant. The question asked for some sort of encryption. Encoding is not encryption. AUTHENTICATE PLAIN is just as good as LOGIN as far as security is concerned. – Gigi May 05 '14 at 19:15
-2

If your IMAP server supports admin login via AUTHENTICATE PLAIN then you don't need the user's password to access his mailbox.

Many IMAP servers support this, for example Dovecot, CommuniGate, Zimbra, to name three off the top of my head.

Rick Sanders
  • Wrong, AUTHENTICATE PLAIN includes the password encoded in base64 - for a practical example see: http://stackoverflow.com/a/14158574/983064 – Gigi Apr 28 '14 at 18:26
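The AUTHENTICATE PLAIN string discussed in the two answers and their comments, as an added PHP example that is not code from either answer. It builds the SASL PLAIN message (RFC 4616) in the admin form and parses the base64 value back into its fields; the account names and password are constructed sample values.

```php
<?php
// Added example: build and parse a SASL PLAIN initial response (RFC 4616):
//   [authzid] NUL authcid NUL passwd, base64-encoded for transport.
// All names and the password below are constructed sample values.

function sasl_plain_encode(string $authzid, string $authcid, string $passwd): string
{
    foreach ([$authzid, $authcid, $passwd] as $field) {
        if (strpos($field, "\0") !== false) {
            throw new InvalidArgumentException('NUL is not allowed inside a field');
        }
    }
    return base64_encode($authzid . "\0" . $authcid . "\0" . $passwd);
}

// Returns ['authzid' => ..., 'authcid' => ..., 'passwd' => ...] from the wire value.
function sasl_plain_decode(string $wire): array
{
    $raw = base64_decode($wire, true);
    if ($raw === false) {
        throw new InvalidArgumentException('not valid base64');
    }
    $parts = explode("\0", $raw);
    if (count($parts) !== 3 || $parts[1] === '' || $parts[2] === '') {
        throw new InvalidArgumentException('expected authzid NUL authcid NUL passwd');
    }
    return array_combine(['authzid', 'authcid', 'passwd'], $parts);
}

// Admin form from the answer: act as the user, authenticate as the admin.
$wire = sasl_plain_encode('alice@example.com', 'mailadmin', 'constructed-admin-secret');
$seen = sasl_plain_decode($wire);   // no key is involved in reading it back

printf("wire value: %s\n", $wire);
printf("authzid=%s authcid=%s passwd=%s\n",
    $seen['authzid'], $seen['authcid'], $seen['passwd']);
```

Because the decode step needs no secret, the value is protected only by the SSL/TLS session it travels in, and the admin password still has to be stored somewhere the application can read it.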