Re: Security of Mail Script


Think about Loose Coupling
	PerlMonks

Re: Security of Mail Script

by Abigail-II (Bishop)

on Feb 09, 2004 at 10:57 UTC ( #327601=note: print w/replies, xml )

Need Help??

in reply to Security of Mail Script

Well, they can spam the recipient mentioned in the form (that is, whoever is referred to with '12345'). Now, if there's just a few of those 'keys', no spammer will bother. But if you have thousands of people in your database, and the keys can be easily guessed (for instance, because you use consecutive numbers), a spammer can use the form by just guessing keys.

Abigail

Comment on Re: Security of Mail Script

Replies are listed 'Best First'.

Re: Re: Security of Mail Script
by arturo (Vicar) on Feb 09, 2004 at 15:56 UTC

Hrm, makes me think that one way of doing it might be to use a hashed value of ( the email address plus a secret key ) in order to specify the recipient. Those who want to receive mail at a specific address via the form could be given the hashed value. Although it obscures the actual destination, it's no protection against a spammer who doesn't care who's on the other end (which is, of course, the overwhelming majority of spammers).

If not P, what? Q maybe?
"Sidney Morgenbesser"

[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://327601]
help

Chatterbox^?

How do I use this? | Other CB clients

Other Users^?

Others avoiding work at the Monastery: (3)

As of 2023-06-03 15:43 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Voting Booth^?

Notices^?