Re: Is that a decent concept?

Your follow-up is commendable. It is still not great because of two things. One is minor - you are hand-parsing the parameters instead of using (say) CGI or CGI::Lite. The other is much more critical. You are still trying to eliminate "unwanted" input instead of letting through only what you want to attempt. I recommend using a simplicistic matcher for email addresses and text, maybe even as simplicistic as /^[-_\w]+\@([-_\w]+\.)+\w+$/ (for the email). This will reject some valid email addresses, but when piping stuff to sendmail (or, as recommended, MIME::Lite), that is preferrable to letting your mail server become blacklisted because of spamming.

This approach will eliminate least one class of problematic input, bad whitespace in the subject, mail body and recipient.

Again, the rule is to be very specific in what you let through, instead of only eliminating what you know is bad.

Comment on Re: Is that a decent concept? Select or Download Code

Replies are listed 'Best First'.
Re^2: Is that a decent concept? by davido (Cardinal) on Mar 31, 2012 at 16:27 UTC
brian_d_foy mentions in Mastering Perl that your suggestion fits the Prussian Stance, whereas the OP's method represents the American Stance. Apparently those terms originated in a talk by Mark Jason Dominus, though I can't seem to find the original talk anywhere online. It may be mentioned in HOP somewhere as well, but I can't recall where to find it. In short: Prussian Stance = Allow-listing = Specifically allowing those characters we know to be safe. American Stance = Block-listing = Specifically disallowing those characters we know to be unsafe. The disadvantage (as I see it) to blocklisting is that we must know all possible "bad" characters, whereas with the allowlist, we must only know those good characters we care about. The penalty for omitting an item from a block list is possible security breech. The penalty for omitting an item from a allowlist is potential user frustration, but not a security breech. The disadvantage (as I see it) to allowlisting is that, particularly in an era of Unicode, the list of acceptable characters either becomes enormous (in which case the potential for accidentally allowing something we shouldn't increases), or becomes limiting in ways that may impede a pleasant user experience. Dave	[reply]
Re^3: Is that a decent concept? by Anonymous Monk on Nov 02, 2012 at 19:57 UTC
FWIW those terms come from Dominus' Web Application Security talk.	[reply]
Re^2: Is that a decent concept? by heatblazer (Scribe) on Apr 01, 2012 at 16:05 UTC
Thank you. As for the MIME::Lite, I`ll use it for sure as well Email::Valid instead of my check. That was just a scratch pad for the very basic concepts of what I have to stress to learn and how to make the algorithm for the safe content mail form/client. I`ll look more into it because I am still learning.	[reply]