RE: Secure Form Script?
From: Bryce Porter (bporter_at_heart.net)
Date: Fri, 14 May 2004 16:03:14 -0500
To: "Stephen Samuel" <firstname.lastname@example.org>
When calling a binary directly, you run a lot of risks, especially
format string vulnerabilities.
I agree about using the fixed To: address, but I think he was originally
wanting that to be flexible. If not, fixed is most definitely the way to
Heart Technologies, Inc.
309.633.2800 Technical Support
From: Stephen Samuel [mailto:email@example.com]
Sent: Friday, May 14, 2004 3:54 PM
To: Bryce Porter
Subject: Re: Secure Form Script?
In this case, I'm presuming that the destination address is fixed.
The only input data on the header is the subject line, and that's
For the most part I'd agree that using something like Net::SMTP is
a good idea, but what do you see as the issues with calling sendmail
from a script?
Bryce Porter wrote:
> Or you can write your own script in Perl (or your language of choice)
> that accepts a single To: parameter from an html form and runs the
> through a regular expression to "cleanse" the data. Then, perform the
> actual sending using something like Net::SMTP, et al. Never interface
> directly with the sendmail binary, and never use a script that does.
> me know if you need some help.
--
Stephen Samuel +1(604)876-0426 firstname.lastname@example.org
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching the jewel within each person and bringing it to light.
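An added example, not part of the original thread: a Perl sketch of the approach discussed above, where the form-supplied To: address is checked against a strict regular expression, the subject is kept to a single header line, and the message is handed to Net::SMTP instead of the sendmail binary. The relay host, sender address, and function names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::SMTP;

# Assumed values for this sketch (not from the thread).
my $RELAY = 'localhost';
my $FROM  = 'webform@example.org';

# Accept exactly one bare address. Whitespace, commas, quotes, angle
# brackets and control characters are refused, so the field cannot carry
# extra recipients or header lines. \A and \z anchor the whole string
# (unlike $, \z does not tolerate a trailing newline).
sub clean_address {
    my ($addr) = @_;
    return unless defined $addr && length($addr) <= 254;
    return $1
        if $addr =~ /\A([A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/;
    return;
}

# The subject is the other form value that lands in a header: collapse
# CR, LF and other control characters so it stays on one line, cap length.
sub clean_subject {
    my ($subj) = @_;
    $subj = '' unless defined $subj;
    $subj =~ s/[\x00-\x1f\x7f]+/ /g;
    return substr($subj, 0, 200);
}

# Net::SMTP speaks SMTP over a socket; no shell or command line is built.
sub send_form_mail {
    my ($to_raw, $subj_raw, $body) = @_;
    my $to      = clean_address($to_raw) or die "rejected recipient\n";
    my $subject = clean_subject($subj_raw);
    my $smtp = Net::SMTP->new($RELAY, Timeout => 30) or die "no relay\n";
    $smtp->mail($FROM) or die "sender refused\n";
    $smtp->to($to)     or die "recipient refused\n";
    $smtp->data();
    $smtp->datasend("From: $FROM\nTo: $to\nSubject: $subject\n\n$body\n");
    $smtp->dataend();
    $smtp->quit;
    return 1;
}

# Constructed form submissions: a normal one and one with embedded CRLF.
for my $form (
    [ 'user@example.org', 'Question about my order' ],
    [ "user\@example.org\r\nBcc: list\@example.org", "Hi\r\nX-Extra: 1" ],
) {
    my ($to, $subject) = @$form;
    printf "to=%s subject=[%s]\n",
        clean_address($to) // 'REJECTED', clean_subject($subject);
}
```

Running the script only exercises the two validators on the constructed inputs; `send_form_mail` is defined but not called, so no mail is sent.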