Re: Secure Form Script?
From: Stephen Samuel (samuel_at_bcgreen.com)
Date: 05/26/04
- Previous message: bp1974_at_comcast.net: "Re: looking for wireless linux security book"
- In reply to: Tim Tompkins: "Re: Secure Form Script?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 May 2004 15:05:06 -0700
To: Tim Tompkins <timt@spiderlinks.org>
I'm just going to drop out the direct-SMTP vs. sendmail argument... I get
the sense that that's mostly a personal issue.

What I'm hearing in the middle of this is that there seems to be a really
nice (and widely known) module set that can easily do something like

    mkpipe "r", FILEHANDLE, @arglist;

or

    mkpipe "rw", READHANDLE, WRITEHANDLE, @arglist;

rather than the current 'give it a string and hope it gets parsed right'
method used with open().

Looking at the docs anew (boy do I love the Perl quick reference!),
it would seem that the best way to do that would be:

    # Implicit fork: the child's STDIN is the read end of APIPE.
    die "could not fork $!" unless defined( $pid = open APIPE, "|-" );
    if ( $pid == 0 ) {
        # Child: exec with a list, so no shell parses the arguments.
        exec "cmd", @arglist;
        die "exec of cmd failed";
    }
    # else am parent
    print APIPE "data\n";

Tim Tompkins wrote:
> From the perspective of a web-app developer, I feel much better knowing
> that I'm piping to sendmail for two main reasons:
>
> * The mail queue is maintained by an existing, reliable service. If my
.....
> * Handing the message off to sendmail/postfix ensures that I'm not
> holding up a web server process while my webapp attempts to deliver an
> Beth Skwarecki wrote:
>
>> It's silly to be piping things to sendmail this way in perl. There are
>> two reasons why:
>>
>> 1) To expand a bit on Bryce Porter's comments, it's much safer to use
>> system()'s built-in argument handling than to attempt to sanitize
>> arguments yourself before putting them all together on a command that
>> the shell gets to execute:
--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
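
The "mkpipe"-style call discussed in the message is available in Perl 5.8 and later as the list form of pipe open. The following is an added example, not part of the original message; the stand-in mailer (perl echoing what it received) and the hostile recipient value are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Feed $body to the stdin of the command in @$cmd without involving a shell.
# Returns the child's exit code; dies if the child cannot be started.
sub pipe_to {
    my ($cmd, $body) = @_;
    # Keep program and arguments as separate elements: with a single
    # string Perl may hand the command line to /bin/sh, as plain open() does.
    die "need a program plus at least one argument\n" if @$cmd < 2;
    local $SIG{PIPE} = 'IGNORE';   # a child that exits early must not kill us
    # List-form pipe open: fork, then exec(@$cmd) in the child. Every
    # element arrives as exactly one argv entry, metacharacters included.
    open(my $pipe, '|-', @$cmd) or die "cannot start $cmd->[0]: $!\n";
    print {$pipe} $body;
    close($pipe);                  # waits for the child and sets $?
    return $? >> 8;
}

# Constructed hostile form field: interpolated into a one-string open(),
# the part after ';' would run as a second shell command.
my $rcpt = 'user@example.com; echo INJECTED';

# Stand-in for the mailer (assumption, so this runs without sendmail):
# perl itself, printing the arguments and stdin it received.
my @mailer = ($^X, '-e',
    'print "arg[$_]=$ARGV[$_]\n" for 0 .. $#ARGV; print "body: $_" while <STDIN>;',
    '--');

my $status = pipe_to([@mailer, $rcpt], "Subject: form submission\n");
print "mailer exit code: $status\n";
```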