Internal SugarCRM Project: Secure Password Emailer
We asked our engineering intern, Jim Rybarski, to contribute to our blog and give some insight to the internal projects he’s been working on here at W-Systems. In this week’s mini-series update, Jim goes over the new browser-side password encryption program (or Secure Password Emailer for short). Handling client passwords is a delicate task but we trusted Jim to do the job well and he did. Here is what Jim had to say.
W-Systems is very serious about protecting client credentials, and while we have a very secure way of storing and accessing this information locally, sending passwords to clients makes one susceptible to all sorts of security hazards. Our previous standard practice was to call a client and verbally communicate their login information over the phone. It's a reasonably safe method, but giving someone a random sequence of mixed-case alphanumeric and special characters is something best done by computer. Email is out of the question, as it can be easily read by an attacker. A recent project of mine has been to create a Password Emailer module in Sugar to enable a convenient and safe way to communicate password and login information. When an engineer wants to send a password to an individual, he will open up the Password Emailer module, enter the password in the plain text field and choose a client from our Contact list.
Then he will save the record, and he’s done! Behind the scenes, Sugar generates a random key, encrypts the password with it, and sends the client an email with a link to an entry point, with the ID and key as GET parameters. The record is then saved (minus the key), so the only information that ever gets stored in our database is the encrypted version of the password. Since the key isn't stored anywhere, we cannot decrypt the password.
On the client end, they will receive an automated email from the engineer who created the record (we do this using the SugarPHPmailer class). This email will ask them to open up a link to read their message which is delivered over a secure SSL connection. Once the link is opened, Sugar decrypts the password with the key in the link and displays it for the client. It then deletes the encrypted password and records the IP address of the person who opened the link along with the time that they viewed it.
If a second attempt is made to open that link (or if an invalid ID is used, or the record is more than 72 hours old), the engineering department at W-Systems will receive an email, notifying of a possible intrusion attempt.
The secure password emailer was built for W-Systems to use internally but is versatile enough to use in other situations. Because any message can be sent through the encryption process, secure data and information other than just passwords can travel safely to a contact. If you are sending confidential information such as passwords, bank information, SSN, financial data, etc. via email, we encourage you to consider a more secure method. If you have any questions about the projects discussed in this mini series, please contact us today.