CiviCRM Community Forums (archive)

This forum was archived on 25 November 2017.

Topic: Security and Mailing Lists

ankles
Security and Mailing Lists
September 09, 2013, 01:58:51 am
I am working for a charity that has a lot of customer details stored on the CiviCRM installation, and it's very important that this is secure. We haven't publicised the URL anywhere.

We are close to setting up new mailing list functionality, and sending regular newsletters. I'd prefer people to get a URL to click to unsubscribe, but this will mean that people will have to get the URL to the CiviCRM install to unsubscribe from the lists. This is in contrast to the opt-out emails, which would be a bit confusing for some users. But this would mean users would get the URL of CiviCRM and raises the potential of hacking.

What would other Civi users recommend as a good way to solve this? I was thinking of using an unsubscribe script on a different domain and linking to that, but I'm not sure this would be possible...

Thanks
Alex

Donald Lobo
Re: Security and Mailing Lists
September 09, 2013, 07:51:36 am

surprisingly enough this is the second or third time i've seen this request in the past few weeks.

one option might be:

a. set up civicrm on a public web server and an internal web server, both pointing to the same DB

b. on the public web server, use permissions or apache directives to ensure that the only valid civicrm urls are the mailing urls

c. You'll need to modify civicrm and tell it to generate all mailing-related urls using the public webserver name. Seems like this might be a good setting to introduce

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

adixon

  • I post frequently
  • ***
  • Posts: 314
  • Karma: 19
    • Blackfly Solutions
Re: Security and Mailing Lists
September 09, 2013, 09:07:52 am
You could also implement this with an apache setup that accepts different domains/ips for the same site, but then filter traffic going to the 'secure' version at the network level (e.g. firewall) and set up some apache filters to restrict paths accessible via the 'public' version. You'd have to configure a base_url that's responsive, but I don't think that would be hard.

Setting up separate civicrm installs pointing at the same domain sounds a little more fragile and harder to maintain.

 - Alan
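The path allow-list that Lobo's step (b) and Alan's "apache filters" suggestion describe, written out as an added configuration example; it is not from this thread and not CiviCRM's own configuration. It assumes Apache 2.4, a Drupal 7 docroot with clean URLs and one shared CiviCRM database; the hostnames, the office IP range and the list of /civicrm/mailing/* endpoints are assumptions that must be checked against the URLs your own install actually writes into outgoing mail.

```apache
# Added example (not from the thread): one Apache host, one CiviCRM docroot,
# two virtual hosts. Hostnames, IP range and endpoint list are assumptions.

<Directory "/var/www/civicrm">
    AllowOverride All
    Require all granted
</Directory>

# Internal vhost: the full CRM, reachable only from the office network.
# The network firewall should enforce the same restriction independently.
<VirtualHost *:443>
    ServerName crm.internal.example
    DocumentRoot /var/www/civicrm
    <Location "/">
        # Hypothetical office range.
        Require ip 10.0.0.0/8
    </Location>
</VirtualHost>

# Public vhost: same docroot, but only the mailing endpoints are answerable.
<VirtualHost *:443>
    ServerName news.example.org
    DocumentRoot /var/www/civicrm
    RewriteEngine On

    # Drupal's .htaccess rewrites an allowed path to index.php via an internal
    # redirect, which sets REDIRECT_STATUS; skip the check on that second pass
    # so the allowed request is not refused after being rewritten.
    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    # Refuse anything that is not one of the endpoints CiviCRM links from
    # outgoing mail (unsubscribe, opt-out, resubscribe, confirm, click and
    # open tracking, "view in browser") ...
    RewriteCond %{REQUEST_URI} !^/civicrm/mailing/(unsubscribe|optout|resubscribe|confirm|url|open|view)$
    # ... and not a static file (images referenced from the mail, CSS).
    RewriteCond %{REQUEST_URI} !^/sites/default/files/
    RewriteRule ^ - [F]

    # A direct index.php?q=user/login request would sidestep the path check
    # (Drupal honours ?q=), so refuse any request carrying a q parameter.
    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    RewriteCond %{QUERY_STRING} (^|&)q=
    RewriteRule ^ - [F]
</VirtualHost>
```

Everything outside the allow-list, including the login page and the CiviCRM dashboard, answers 403 on the public hostname while the internal hostname keeps the whole application. For the links in the mail to point at the public host in the first place, CiviCRM's configured base URL (CIVICRM_UF_BASEURL in civicrm.settings.php) has to name that host, which is what Lobo's step (c) is about; test an unsubscribe link end to end from outside the office range after changing either side.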

Donald Lobo
Re: Security and Mailing Lists
September 09, 2013, 11:02:08 am

agreed that a 2 server system is fragile. I was thinking of the case where there was a hard distinction between an internal server and the public website (common in govt orgs) with the IT dept willing to let the public website access the shared DB machine

lobo

Donald Lobo
Re: Security and Mailing Lists
September 09, 2013, 01:27:02 pm

Another option that is used by the state senate is as follows:

We have a separate, public-facing server set up running Squid (http://www.squid-cache.org/). All images in our emails are rewritten (using the alterMailParams hook) to reference the squid server URL instead of the CRM url. When an email is opened, the image is requested, and the squid server retrieves it from the backend data dir and caches it for future use. Squid can be configured very precisely to define where the firewall access is allowed. So the public is only ever interfacing with the squid server, and the squid server is the only access point through the firewall.

lobo

dmdude
Re: Security and Mailing Lists
September 10, 2013, 09:57:19 am
Here's what we were thinking of doing for this. We've installed the webform_civicrm Drupal module, so we have our subscribe form as a page on the website. Likewise, we will use a similar form, but set the privacy settings on a submit so that the form submitter will no longer get any emails or other messages. We'll probably have a cron job clean up contacts that have these privacy settings. We don't have the email notification working yet however.
