CGI - Email Forms (PERL CGI Beginners, December 2005)
| jbdetroit@earthlink.net 2005-12-06, 6:55 pm |
| What tests must be in place in order to keep your perl scripts from being hijacked from spammers? Any help would be greatly appreciated.
Thank you!
| |
| usenet@DavidFilmer.com 2005-12-07, 3:55 am |
| jbdetroit@earthlink.net wrote:
> What tests must be in place in order to keep your perl scripts from being hijacked from spammers? Any help would be greatly appreciated.
perldoc perlseq
| |
| usenet@DavidFilmer.com 2005-12-07, 3:55 am |
| jbdetroit@earthlink.net wrote:
> What tests must be in place in order to keep your perl scripts from being hijacked from spammers? Any help would be greatly appreciated.
perldoc perlsec
| |
| Bill Stephenson 2005-12-07, 7:55 am |
|
On Dec 6, 2005, at 1:43 PM, jbdetroit@earthlink.net wrote:
> What tests must be in place in order to keep your perl scripts from
> being hijacked from spammers? Any help would be greatly appreciated.
For forms that send email, you don't want to let the user enter a "To,
CC, or BCC" address. This should be hard coded into your script. If you
must let the user send email to an address they input you should make
them enter a unique user name and password to login to use the script.
I'm sure there are other things to be considered depending on how the
script will be used, but these are basic measures you should take.
Kindest Regards,
--
Bill Stephenson
| |
| David Dorward 2005-12-07, 6:55 pm |
| On Tue, Dec 06, 2005 at 02:37:18PM -0600, Bill Stephenson wrote:
>
> For forms that send email, you don't want to let the user enter a "To,
> CC, or BCC" address.
Nor should you allow new lines ...
$subject = "User entered data with\nBCC: spam victim <foo\@example.com>";
--
David Dorward http://dorward.me.uk
| |
| Bill Stephenson 2005-12-08, 3:55 am |
| On Dec 7, 2005, at 3:55 AM, David Dorward wrote:
>
>
> Nor should you allow new lines ...
>
> $subject = "User entered data with\nBCC: spam victim <foo\@example.com>";
Thanks David,
I wasn't aware of that problem. I'm guessing that using CGI.pm to parse
input helps solve that problem. Is this correct?
Kindest Regards,
--
Bill Stephenson
| |
| David Dorward 2005-12-08, 6:55 pm |
| On Wed, Dec 07, 2005 at 01:19:59PM -0600, Bill Stephenson wrote:
> I wasn't aware of that problem. I'm guessing that using CGI.pm to parse
> input helps solve that problem. Is this correct?
No. There are plenty of times when you *want* to allow new lines in
user input, even just sticking to the rather narrow field of form
processors that send email, you often want to allow the user to enter
multiple lines of text (in the message body).
Using a prewritten, well-tested formmailer (such as NMS) is a good way
to solve the problem.
--
David Dorward http://dorward.me.uk
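
The checks discussed in this thread (a hard-coded recipient, no line breaks in header fields, multi-line text allowed only in the message body), as an added example that is not code from any poster or from NMS. The address in `$TO`, the form field names, the address pattern and the sample submissions are assumptions made for illustration; the script only builds and prints the message text.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The recipient is fixed in the script and never read from the form.
my $TO = 'webmaster@example.com';    # placeholder address (assumption)

# A value destined for a mail header must be a single line: refuse it if it
# contains CR, LF or any other control character.
sub clean_header {
    my ($value) = @_;
    return unless defined $value && length $value;
    return if $value =~ /[[:cntrl:]]/;
    return $value;
}

# Build the message text, or return undef if a header field is unacceptable.
sub build_message {
    my (%form) = @_;
    my $from    = clean_header($form{from});
    my $subject = clean_header($form{subject});
    return unless defined $from && defined $subject;

    # Deliberately strict shape check on the sender address.
    return unless $from =~ /\A[^\s<>\@,;:]+\@[A-Za-z0-9.-]+\z/;

    # The body may span several lines; only normalise the line endings.
    my $body = defined $form{body} ? $form{body} : '';
    $body =~ s/\r\n?/\n/g;

    return "To: $TO\nFrom: $from\nSubject: $subject\n\n$body\n";
}

# Constructed sample submissions: one ordinary, one carrying the extra
# header line shown earlier in the thread.
my @samples = (
    { from => 'alice@example.org', subject => 'Question',
      body => "First line\nSecond line" },
    { from => 'alice@example.org', body => 'x',
      subject => "User entered data with\nBCC: spam victim <foo\@example.com>" },
);

for my $s (@samples) {
    my $msg = build_message(%$s);
    print defined $msg ? "ACCEPTED\n$msg\n" : "REJECTED: bad header field\n";
}
```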