webmail for special client -- advice?
I have a special client, so special she doesn't know she's a client yet. She's my son's Kindergarten teacher.
She wants to send out emails to parents that have photos of their children during field trips, but she wants to keep the email addresses separate and wants to keep her email address private. She can achieve most of this through the school based system, I think, but I was thinking, well, hmmm, I wonder if I could do this.
What I'd like to set up is a password-protected portion of my business website that would allow herself (and any other teacher in the school/board) to login and send anonymous emails to the parents of their students... Naturally, I do not want this to be abused, so I find myself trying to work out the logistics. For those that know, would you please look over my plan and poke holes in it?
1. login (set by me) controls what email lists are accessible to what person logging in
2. the database has different tables, all the same set up, per class -- I was thinking it would be safer that way than having all the emails in one table with a class flag? Is that just silliness on my part?
3. While the database would be vulnerable to me and my prying eyes, I can sign a non-disclosure and have no problem with that level of responsibility. What I need to ensure is that the teachers only have access to their own list and no one has access to the teacher emails.
4. The "From" email will be nothing. Can it be nothing? A total blank? Or just text "Mrs. Kindergarten Teacher's Morning Kindergarten Class".
5. Each JK and SK teacher would have two lists, the rest of the teachers would have only one email list.
6. They would not be able to use this application to mail anyone else, only their own lists. However, they would be able to add and otherwise manage their own lists...
What am I missing in this? Oh, yes...
7. They will be able to attach an unlimited number of images and send them along...
Ideas? Holes?
druagord posted this at 23:13 — 19th November 2003.
He has: 335 posts
Joined: May 2003
I'll tell you what i can about each point
1- that should be no problem i will explain a system i tough of furter down
2-no it wont be safer since you are probably using the same database user for all your connection you can use only one table with some this depend on how you want to manage your system more then on security
3- this will depend solely on how well you build step one
4- no it can't be nothing it as to be something but the from name can be nothing. if it not a valid email you won't receive return mail i.e. typo in adress
5- sorry i don't understand JK and SK but it can be done
6- since the to will come from the database that's not a problem. if they can manage the it can become one. i suggest you limit the list to something like 30 mail max that should be ok for a Kindergarden class.
7- the number of attachement is not a problem but you should limit the total size since most mail server are limited to 5mg per message.
for the login there multiple ways of handling it that range from total paranoia to pure carelessness (is that a word?). for exemple whatever system you use if it's not in ssl the password can be 'listened' while traveling from the client machine to the server i guess you need to be a bit more specific about the level of security you want. usualy i make a user table and use password() function in mysql to encode the password in the table then at login time i compare the encrypted versions. I will gladly help you on such a project if ever you need it.
i found and use phpmynewsletter on sourceforge.net it doesn't have all the feature you need but it does have few of them you could maybe improve on it instead of starting from scratch or at least get some ideas
IF , ELSE , WHILE isn't that what life is all about
Greg K posted this at 23:19 — 19th November 2003.
He has: 2,145 posts
Joined: Nov 2003
The from field I would definitely set to something, perhaps with permission, a general e-mail address for the school. Sending with no FROM (if you can) would probably trigger some spam filters.
I would suggest having an area where the parents can go to send e-mail back to the teacher, in case they decide to stop receiving the mailings, or want to let them know about an e-mail address change.
You would mainly just need a field for them to enter which e-mail address they are currently receiving the mailings and a text box for the message. The system should be able to automatically e-mail all teachers who have that e-mail address on their list.
This brings up multiple kids in the same family with different teachers. Boy A has Teacher A and Boy B has teacher B. Both boys have the same e-mail address. So should have some type of check that if Teacher B updates her e-mail address for the family, it lets Teacher A know as she would most likely need to change hers as well.
I don't think there really is a need for separate tables for each class as long as it is programmed well.
As an additional safety measure, if all the teachers have access to send them from the school, restrict the outgoing mail to only work from a range of IP addresses the school might use.
Very important would be teaching the Teachers how to resize the images! Many people take pictures with high res cameras now, and just try to send them in original form.
My aunt once scanned 3 photos on her scanner (ended up being one .BMP image of 8.5x11") and e-mailed the file out to relatives and friends. Her sister asked me why they were not coming in for her, here it was because AOL was still downloading the images, which ended up taking almost an hour. The aunt that sent the picture said she didn't realize that each person [on dial-up] would have to wait as long as it took her to send them out.
-Greg
Suzanne posted this at 00:26 — 20th November 2003.
She has: 5,507 posts
Joined: Feb 2000
Good point about the file size of the email. And the null from field -- hmmm. A default perhaps to me would do, or the school.
I can see how this would expand in scope exponentially.
Thank you very much for the perspectives, I will likely be back with glitches and small issues that need to be ironed out.
I'd really like a quick run down on the security issues of various options, though. SSL is not an option.
druagord posted this at 01:48 — 20th November 2003.
He has: 335 posts
Joined: May 2003
In this kind of app the admin side is going to be a lot more work then the send an email form. I know SSL like you know it is probably not an option but if you really wnt it to you can sign your own certificate when you are going to acces it your browser is going to tell you that it's no sign by a trusted autority but the encryption will still work, but thats the paranoid level
. I use htaccess for that kind of app in php you modify the htaccess file and get the user who is logged in so you can match it with your database i think thats a more reasonable way of doing things
IF , ELSE , WHILE isn't that what life is all about
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.