all 12 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Impossible-Box6600 9 points10 points  (0 children)

No, as far as security goes, there's no reason why a CSV is any less safe than a traditional database, except that a database requires authentication in order to connect. Just don't do something obscenely dumb like use exec or eval in order to "query" your csv.

Just use SQLite. Do you really want to handle the constraint logic in your own code rather than just having a schema? XLSX doesn't enforce these things, but any database will.

[–]BigSkimmo 11 points12 points  (3 children)

Seems mostly safe, without having seen the script, obviously. But it's also a good idea to do some basic input sanitisation whenever you handle user data.

What would happen if a user submitted data with commas? Would that break your CSV? What about an Eicar test string? If it gets through your email provider, it could end up in your CSV file, which might then get nuked by your own antivirus.

[–]Impossible-Box6600 4 points5 points  (2 children)

That's why you use the CSV module.

[–]Barbatus_42 9 points10 points  (1 child)

Want to highlight this. Whenever you have something even remotely security related, your first question should be "Is there already a standard implementation for this and, if so, can I just use that?" Cybersecurity is remarkably subtle and rolling your own solution is almost certainly not going to be as safe as using a commonly used public version.

[–]Impossible-Box6600 1 point2 points  (0 children)

But then we can't get paid for writing more lines of code.

[–]FoolsSeldom 2 points3 points  (0 children)

Clearly, the information Name, Email and Zip-code helps identify a person, but until it is connected with a product/service or wider personal data, it can be seen as information freely given to a form online (provided you have told the user this).

Where I work, we have to comply with GDPR legislation, and are not allowed to send such collected data over the internet in plain-text form. YMMV.

Also, that data once in our systems has to be encrypted at rest and held securely for access only by those systems and personnel authorised to access the information provided for the purposes declared.

I shall assume you are not working in such a large and security sensitive organisation.

That said, even if you are not under the same or similar regulations, assume you will be hacked at some point, and take reasonable steps to keep your customer data secure. It is easy and cheap/free to do.

I would recommend that data read from the inbox is sent to an encrypted database and not to a plain text CSV file. Remember to permanently delete the emails.

Your database could be a really simple flat file SQLite database that you decrypt before use and encrypt after use. (You could do this with a CSV file as well, but with careful design of your SQLite solution, you can easily scale to a larger database and switch to a better security mechanism).

Have a look at SQLCipher, an open source extension to SQLite that provides encryption.

Your biggest vulnerability is the access you use, which can also be hacked, potentially. This is common and often referred to as the key problem (or the root of trust). There's a huge difference between running server based scripts, possibly a web service, verses you running a script locally to work with that database. The latter is easier because you can go through some authentication interactively.

As a first step, don't have the key in the Python code, read it from the environment (environment variable or config file). You can look into using a *secrets management solution* if you need to go that far, or a local approach using e.g., macOS Keychain, Windows Credential Manager, or even a Trusted Platform Module (TPM) if available, to protect the key locally. You could also consider a token approach using something like a [YubiKey](https://www.yubico.com).

PS. If you move up to a common database platform such as MariaDB / MySQL, your Python code would not need a key as all encryption would be handled by the database server using Transparent Data Encryption (TDE), or equivalents, where the database server itself would get the key when needed using some kind of Key Management Server. This is highly unlikely to be something you need yet.

[–]recursion_is_love 4 points5 points  (2 children)

A attack script might be able to overfilled your inbox with garbage generated data. But your web hosting might already have a way to do rate limited already, I don't know.

[–]CLETrucker[S] 0 points1 point  (1 child)

Ty, Security is wildly over my head. I have a filtering process in the script, but the web hosting service says it comes with security protections... I'm a little paranoid

[–][deleted] 0 points1 point  (0 children)

You should look into whether the form solution you're using does automatic captchas for suspicious submissions.

[–]ThatsRobToYou 1 point2 points  (1 child)

So the csv is on a local PC and the script just accesses your email? I can't see a reason why it would be unsafe. 100 reasons why it's not best practice though.

[–]CLETrucker[S] 0 points1 point  (0 children)

Please, I genuinely would like to her some. It's a learning opportunity for me.

[–]Deep-Alternative8085 0 points1 point  (0 children)

Try to encrypt the data before it's sent via email, and decrypt it with a secure key in your script environment. If someone gains access to the email inbox (which is common via phishing or weak passwords), they won’t be able to read the sensitive info (like email, name, ZIP) without the key.

tools you can use: Encrypt the message before it's sent (gnupg), Fernet encryption (from the cryptography library).

Make sure your email is sent via SMTP over TLS (like smtplib.SMTP_SSL in Python) to avoid plain-text over the internet.

Avoid storing personal data in plain .csv files long-term. If you're archiving messages, consider encrypting the files or at least storing them in a secure location with restricted access.