TipJar Security

All transactions at TipJar are verified by return e-mail. This means that although anyone can connect to the tipjar server and initiate a transaction, only transactions which are verified by returning the unique verification code are processed any further.

Although it is true that imitating someone else's email address is very easy, intercepting e-mail that is going to someone's mailbox is much more difficult.

The exception to this is the administrators at your site, who may have the supervisory privileges needed to read anyone's e-mail, much as landlords of rental properties have keys to the apartments.

I rent an apartment and I have never had any trouble.

Anyway it is impossible for someone to complete a transaction from your tipjar account without knowing the UVC which is e-mailed to your own e-mail when you request a TipJar transaction.

UVCs expire after 48 hours: If you receive unexpected UVCs you can ignore them safely.

Since all the information about the transaction is repeated for your review on the UVC form, anyone who is trying to abuse TipJar should be able to do nothing more than embarrass themselves.

If we can't type our own e-mail addresses in correctly often (at TipJar you only need to type in your e-mail address once, when you register initially. If you always connect from the same machine or remote access provider you will never need to type in your own alias, either, unless you want to of course) maybe we will get to know the people with similar e-mail addresses to our own, much as one becomes accustomed to the set of people who misdial the phone numbers of our "telephonic neighbors" and mistakenly ring our telephones.

TipJar Home Page


The definitive text on internet security is Firewalls and Internet Security : Repelling the Wily Hacker by William R. Cheswick, Steven M. Bellovin which has a second edition due out soon.
Advertisement:
Internet Link Exchange
Member of the Internet Link Exchange