Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re: Security of Mail Script

by Abigail-II (Bishop)
on Feb 09, 2004 at 10:57 UTC ( #327601=note: print w/replies, xml ) Need Help??

in reply to Security of Mail Script

Well, they can spam the recipient mentioned in the form (that is, whoever is referred to with '12345'). Now, if there's just a few of those 'keys', no spammer will bother. But if you have thousands of people in your database, and the keys can be easily guessed (for instance, because you use consecutive numbers), a spammer can use the form by just guessing keys.


Replies are listed 'Best First'.
Re: Re: Security of Mail Script
by arturo (Vicar) on Feb 09, 2004 at 15:56 UTC

    Hrm, makes me think that one way of doing it might be to use a hashed value of ( the email address plus a secret key ) in order to specify the recipient. Those who want to receive mail at a specific address via the form could be given the hashed value. Although it obscures the actual destination, it's no protection against a spammer who doesn't care who's on the other end (which is, of course, the overwhelming majority of spammers).

    If not P, what? Q maybe?
    "Sidney Morgenbesser"

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://327601]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others avoiding work at the Monastery: (3)
As of 2023-06-03 15:43 GMT
Find Nodes?
    Voting Booth?
    How often do you go to conferences?

    Results (14 votes). Check out past polls.