Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Re^2: securing a remailer

by geektron (Curate)
on Oct 12, 2005 at 03:54 UTC ( [id://499360]=note: print w/replies, xml ) Need Help??


in reply to Re: securing a remailer
in thread securing a remailer

if user input isn't validated/untainted, newlines can be passed into the input, allowing someone to hijack the script and use it as a spam-remailer.

sure, if you're not accepting user input you could get away with it, but i don't recommend it.

Replies are listed 'Best First'.
Re^3: securing a remailer
by sgifford (Prior) on Oct 12, 2005 at 15:41 UTC
    So the solution is to validate user input. No need to throw the baby out with the bathwater. You'd have similar problems with using unvalidated input with SMTP or any other mechanism for sending mail.

    Still, if the OP finds they can replace a significant chunk of their code with a well-maintained Perl module, that seems like a pretty clear good idea.

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://499360]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others wandering the Monastery: (5)
As of 2024-04-25 12:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found