Re^3: prevent perl script running from browser

hi Alexander Thank you for a very concise run down on my garbage script. I hope you realize that for most of the comments you wrote line by line I have no idea what you are talking about LOL. As I said earlier, someone wrote this script 17 years ago and since then it has had some minor changes made by others from trying to make it work on various hosting servers. I think it would be best as you say, to remove the script ASAP and try to write a better solution with PHP. In the meantime I am stuck with it. It does the job and no I have not noticed any errors in the output or mixing up of emails being sent, but as you say it's got more holes in it than swiss cheese. I cannot disable it until I have something better to replace it with. Such is life. Thanks again

Comment on Re^3: prevent perl script running from browser

Replies are listed 'Best First'.
Re^4: prevent perl script running from browser by afoken (Chancellor) on Oct 02, 2017 at 15:06 UTC
I hope you realize that for most of the comments you wrote line by line I have no idea what you are talking about LOL. Well, you chould change that. Understand what happens in the script, even in its current, scary state. That's not hard. In fact, the lack of error checks actually makes it easier to follow the program flow. Ask for things that you don't understand, in the code and in my review. We are here to answer. As I said earlier, someone wrote this script 17 years ago and since then it has had some minor changes made by others from trying to make it work on various hosting servers. That explains the commented-out statements and the indent. I think it would be best as you say, to remove the script ASAP and try to write a better solution Yes. with PHP. No. In the meantime I am stuck with it. It does the job and no I have not noticed any errors in the output or mixing up of emails being sent, Well, then you are lucky not to have a lot of load on the webserver. but as you say it's got more holes in it than swiss cheese. At least, it has a lot of potential to be a spam relay, using your company's name. It can also be used to generate malicious web pages that seem to be hosted on your company's hosted webserver. It should be quite easy to steal cookies and other data from the user's browser. I cannot disable it until I have something better to replace it with. Such is life. Thanks again Well, you could. Talk to your boss. Make it urgent to get a sane replacement. It's likely much cheaper than fixing the bad reputation you could get if someone finds this script. Alexander -- Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)	[reply]

Replies are listed 'Best First'.

Re^4: prevent perl script running from browser
by afoken (Chancellor) on Oct 02, 2017 at 15:06 UTC

I hope you realize that for most of the comments you wrote line by line I have no idea what you are talking about LOL.

Well, you chould change that. Understand what happens in the script, even in its current, scary state. That's not hard. In fact, the lack of error checks actually makes it easier to follow the program flow. Ask for things that you don't understand, in the code and in my review. We are here to answer.

As I said earlier, someone wrote this script 17 years ago and since then it has had some minor changes made by others from trying to make it work on various hosting servers.

That explains the commented-out statements and the indent.

I think it would be best as you say, to remove the script ASAP and try to write a better solution

Yes.

with PHP.

No.

In the meantime I am stuck with it. It does the job and no I have not noticed any errors in the output or mixing up of emails being sent,

Well, then you are lucky not to have a lot of load on the webserver.

but as you say it's got more holes in it than swiss cheese.

At least, it has a lot of potential to be a spam relay, using your company's name. It can also be used to generate malicious web pages that seem to be hosted on your company's hosted webserver. It should be quite easy to steal cookies and other data from the user's browser.

I cannot disable it until I have something better to replace it with. Such is life. Thanks again

Well, you could. Talk to your boss. Make it urgent to get a sane replacement. It's likely much cheaper than fixing the bad reputation you could get if someone finds this script.

Alexander

--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)

[reply]