How would you implement database updates via email?

views:

440

answers:

+3 Q:

How would you implement database updates via email?

I'm building a public website which has its own domain name with pop/smtp mail services. I'm considering giving users the option to update their data via email - something similar to the functionality found in Flickr or Blogger where you email posts to a special email address. The email data is then processed and stored in the underlying database for the website.

I'm using ASP.NET and SQL Server and using a shared hosting service. Any ideas how one would implement this, or if it's even possible using shared hosting?

Thanks

+1 A:

E-mails can be trivially forged. I would only do this if you can process PGP / SMime certificates in your application.

Other than that, I see no reason why not!

Simon Johnson 2008-09-24 08:47:05

If the data is fairly trivial I think PGP probably wouldn't be necessary. But otherwise I agree! :)

Phill Sacre 2008-09-24 08:48:27

+3 A:

For starters you need to have hosting that allows you to create a catch-all mailbox.

Secondly you need a good POP3 or IMAP library, which is not included AFAIK in the .NET stack.

Then you would write a Command Line application or a Service that regularly checks the mailbox, pulls messages, inserts content in db based on the "To" address (which is unique for each user), and then deletes the email from the mailbox.

It's feasible and sounds like fun. Just make sure you have all you need before you start!

Sklivvz 2008-09-24 08:49:11

use a dotnet popclient to read the incoming emails, parse them for whatever you are expecting and insert the data into the database.

see codeproject website for simple popclient implementation you would have to decided on the email content yourself, eg data only, payload of sql statements, etc

2008-09-24 08:51:13

You could also identify the user based on sender address. This is how Tripit (and probably others) does it. This only requires one e-mail address on your end.

Anders Sandvig 2008-09-24 08:53:23

This is probably more dangerous than using a secret receiving address. Not a good idea, I think.

Christian Davén 2008-09-24 09:16:54

I guess that depends on your application considers arbitrary data from random people dangerous or not. All I'm saying is that there are somewhat popular sites out there who are using this technique.

Anders Sandvig 2008-09-24 20:53:25

+2 A:

If the data is somewhat "critical", or at least moderately important, do NOT use their username as the "change-data-address". Example: You might be tempted to create an address like [email protected], but instead use [email protected] where you give them the random number if the visit the web-page. That way people can not update other peoples data just by knowing their username.

Espo 2008-09-24 10:20:56

I have done something similar, using Lumisoft's IMAP client and scheduling a task in my app that checks every x minutes the configured mail address for updates. For scheduling I recommend quartz.net. No launching external processes or anything.

Mauricio Scheffer 2008-09-30 05:23:38

Can any of the above work in a shared enviornment? Only dedicated hosting, no?

mausch ~ thanks for the intel on quartz.net

Saif Khan 2008-09-30 05:30:58

ansaurus

tags:

views:

answers:

How would you implement database updates via email?

related questions