PerlMonks  

Re: securing a remailer

by schweini (Friar)
on Oct 12, 2005 at 03:25 UTC


in reply to securing a remailer

an ancient method to pass information to sendmail: a pipe directly to sendmail - the worst way to send email from a script.

just wondering why this is that bad? i still use that for quick-n-dirty plain-text mailers, and wasn't aware of any security/abuse problems with this?

Replies are listed 'Best First'.
Re^2: securing a remailer
by geektron (Curate) on Oct 12, 2005 at 03:54 UTC
    if user input isn't validated/untainted, newlines can be passed into the input, allowing someone to hijack the script and use it as a spam-remailer.

    sure, if you're not accepting user input you could get away with it, but i don't recommend it.

      So the solution is to validate user input. No need to throw the baby out with the bathwater. You'd have similar problems with using unvalidated input with SMTP or any other mechanism for sending mail.

      Still, if the OP finds they can replace a significant chunk of their code with a well-maintained Perl module, that seems like a pretty clear good idea.
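
The validation the replies above call for, as an added example that is not part of the original thread: header fields are rejected if they contain CR/LF or other control characters before anything is piped to sendmail. The sendmail path, the fixed recipient and the form field names are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# A header value must stay on one line: CR/LF (or any other control
# character) would let form input start new headers or a new body.
sub clean_header {
    my ($name, $value) = @_;
    die "$name is missing\n" unless defined $value && length $value;
    die "$name contains a line break or control character\n"
        if $value =~ /[\x00-\x1f\x7f]/;
    return $value;
}

# Deliberately strict address check (not full RFC 5322). \z rather than $
# matters: $ would still match before a trailing newline.
sub clean_address {
    my ($name, $value) = @_;
    $value = clean_header($name, $value);
    die "$name is not a plain address\n"
        unless $value =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+\z/;
    return $value;
}

sub build_message {
    my (%f) = @_;
    my $reply   = clean_address('reply-to', $f{from});
    my $subject = clean_header('subject', $f{subject});
    my $to      = 'webmaster@example.com';   # assumed; fixed by the script, never from the form
    (my $body = $f{body} // '') =~ s/\r\n?/\n/g;
    return "To: $to\nReply-To: $reply\nSubject: $subject\n\n$body\n";
}

sub send_message {
    my ($msg) = @_;
    # List-form pipe open: no shell. -t takes recipients from the headers,
    # -oi keeps a lone "." line from ending the message early.
    open(my $mail, '|-', '/usr/sbin/sendmail', '-t', '-oi')   # assumed path
        or die "cannot run sendmail: $!\n";
    print {$mail} $msg;
    close($mail) or die "sendmail exited with status $?\n";
}

# Constructed inputs: one ordinary submission, one with an embedded newline.
for my $subject ("Question about the site", "Hi\nBcc: list\@example.net") {
    my $msg = eval { build_message(from => 'visitor@example.org',
                                   subject => $subject, body => "Hello.\n") };
    print defined $msg ? "accepted:\n$msg" : "rejected: $@";
    # send_message($msg) if defined $msg;   # enable on a host with sendmail
}
```

The same checks apply unchanged if the message is handed to an SMTP module instead of the pipe, since the header lines are built the same way.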
