Reputation: 4692
I am sending out campaign emails as well as emails containing sensitive information. I need to display a web version of the email, and currently I am doing it by passing everything in the query string, as the PHP page will fetch the query string and display it like any other web page. But is there any other secure way of displaying it other than passing the query string through the "View in Browser" link?
Is any encryption (not encoding) possible here?
I am using SendGrid as the email distributor, but I don't want to use their web version and would like to display it from my PHP page only.
Upvotes: 0
Views: 359
Reputation: 1511
If you have all the information in your DB to prepare the email in the first instance then there's no need to pass it via a query string to display it in the browser.
You could add an email_key record to your DB, and pass this to the query string, like so: https://yoursite.com/email?email_key=randomkeythatmatchesthedb.
Your script can then use this unique key to look up the information in the DB, and build out the email view in the browser for the user.
Most importantly if dealing with sensitive information you must ensure it's properly encrypted in the DB and also make sure the calls to view in the browser are passed over HTTPS, not HTTP.
Upvotes: 1
Reputation: 195
You can generate a unique key using Crypt with a salt and save it in the DB. Instead of passing everything in a query string, pass this unique key and based on this key fetch the details and show it on the screen.
You can have an expiration time attached to this key to make it more secure.
$unique_key = crypt($string_to_encrypt, $unique_salt);
Upvotes: 0
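The approach both answers describe (an opaque email_key in the link, looked up in the DB, with an expiration time), as an added example that is not code from either answer. The email_views table, its columns and the function names are hypothetical; the key here comes from random_bytes() rather than crypt(), and only its SHA-256 is stored.

```php
<?php
declare(strict_types=1);

// Constructed in-memory table for the demo; table and column names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE email_views (
    key_hash   TEXT PRIMARY KEY,
    email_id   INTEGER NOT NULL,
    expires_at INTEGER NOT NULL
)');

// Called when the email is sent: returns the value to put in the link.
function issueEmailKey(PDO $db, int $emailId, int $ttlSeconds): string
{
    $key = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, carries no email data
    $stmt = $db->prepare(
        'INSERT INTO email_views (key_hash, email_id, expires_at) VALUES (?, ?, ?)'
    );
    // Store only a hash of the key, so a leaked table does not yield working links.
    $stmt->execute([hash('sha256', $key), $emailId, time() + $ttlSeconds]);
    return $key;
}

// Called by the "view in browser" page: returns the email id, or null.
function resolveEmailKey(PDO $db, string $key, ?int $now = null): ?int
{
    // Reject anything that is not exactly 64 lowercase hex characters.
    if (preg_match('/\A[0-9a-f]{64}\z/', $key) !== 1) {
        return null;
    }
    $stmt = $db->prepare(
        'SELECT email_id, expires_at FROM email_views WHERE key_hash = ?'
    );
    $stmt->execute([hash('sha256', $key)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Unknown and expired keys get the same answer, so the page reveals nothing.
    if ($row === false || (int) $row['expires_at'] < ($now ?? time())) {
        return null;
    }
    return (int) $row['email_id'];
}

$key = issueEmailKey($db, 42, 7 * 86400); // constructed email id, 7-day lifetime
echo 'https://yoursite.com/email?email_key=' . $key . PHP_EOL;
var_dump(resolveEmailKey($db, $key));                     // valid key
var_dump(resolveEmailKey($db, $key, time() + 8 * 86400)); // same key after expiry
var_dump(resolveEmailKey($db, str_repeat('0', 64)));      // well-formed but unknown key
```

The page that renders the email would call resolveEmailKey() with the email_key query parameter and return a generic 404 on null.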