in reply to Re^6: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
in thread MAIL::SENDMAIL - Inserting $variable Into TO or FROM?

If someone is logged in to your site, can't you check that they should be granted access to features using the associated Session? Given my previous comments regarding SQL injection, are you sure only people with accounts can log in? With my statement about referrer in mind, do you log emails sent or check to ensure people aren't already doing this? Perl CGI Secure Authentication, Super Search for more.

Re^8: MAIL::SENDMAIL - Inserting $variable Into TO or FROM?
by Milti (Beadle) on Feb 04, 2014 at 16:13 UTC

    The website is public. However, anyone wishing to search and view profiles of other members must have an account themselves and log on with their own account ID and PW which are checked against the database. Then, as long as the other member does not block them, they may elect to send a message to the other member. They are not allowed to see the email address of the recipient nor does the recipient see the email address of the sender. At this time it is intended that CCs of messages will not be allowed. It is true that any visitor can elect to register at the site to become a member but then they must conduct a search and focus on an individual before they can send a message.

    I do plan to use placeholders with all my SQL queries.

    Thanks for any additional support you can provide.
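
The checks discussed in this thread (sender taken from the session, recipient address looked up server-side with placeholders, block check, logging of sent mail) can be combined as below. This is an added example, not code from either poster; the table and column names, the fixed From address and the sample rows are assumptions constructed for illustration, and it needs DBD::SQLite.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed in-memory data; table and column names are hypothetical.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT)');
$dbh->do('CREATE TABLE blocks (blocker INTEGER, blocked INTEGER)');
$dbh->do('CREATE TABLE mail_log (sender INTEGER, recipient INTEGER, sent_at INTEGER)');
$dbh->do('INSERT INTO members (id, email) VALUES (?, ?)', undef, @$_)
    for [1, 'alice@example.com'], [2, 'bob@example.com'], [3, 'carol@example.com'];
$dbh->do('INSERT INTO blocks (blocker, blocked) VALUES (?, ?)', undef, 3, 1);

# Build the hash that would be passed to Mail::Sendmail's sendmail(%mail).
# $sender_id must come from the server-side session, never from the form.
sub build_member_mail {
    my ($dbh, $sender_id, $recipient_id, $body) = @_;
    return (undef, 'bad recipient id')
        unless defined $recipient_id && $recipient_id =~ /\A[0-9]+\z/;

    # Placeholders keep the submitted id out of the SQL text.
    my ($to) = $dbh->selectrow_array(
        'SELECT email FROM members WHERE id = ?', undef, $recipient_id);
    return (undef, 'no such member') unless defined $to;

    my ($blocked) = $dbh->selectrow_array(
        'SELECT COUNT(*) FROM blocks WHERE blocker = ? AND blocked = ?',
        undef, $recipient_id, $sender_id);
    return (undef, 'blocked by recipient') if $blocked;

    # Log each accepted message so unusual sending patterns can be reviewed.
    $dbh->do('INSERT INTO mail_log (sender, recipient, sent_at) VALUES (?, ?, ?)',
        undef, $sender_id, $recipient_id, time);

    # To is resolved from the database; From is a fixed site address (assumed),
    # so neither member sees the other's address.
    my %mail = (
        To      => $to,
        From    => 'noreply@example.com',
        Subject => "Message from member $sender_id",
        Message => $body,
    );
    return (\%mail, undef);
}

for my $rcpt (2, 3, '2 OR 1=1') {
    my ($mail, $err) = build_member_mail($dbh, 1, $rcpt, 'Hello');
    print "recipient '$rcpt': ", ($mail ? "To=$mail->{To}" : "refused ($err)"), "\n";
}
```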