in reply to Re: Re: Re: Re: Redirecting Problem
in thread Redirecting Problem

I downvoted this because it scares me.

First, you are allowing people to randomly send me anonymous messages without getting my prior permission. That IS SPAM, in spite of your insistence to the contrary. (Most spam claims not to be. {sigh})

Second, you aren't checking the contents of $form{email}, so I could inject something with newlines and control the entire header. Sure, your header and message would appear far later down in the tail of the body, but by then, the person is already reading my Penis Extension or Nigerian Request, and clicking here and there to buy my crap.

Third, sending email from CGI is the wrong way to go. If you have a mailing problem, the solution is almost certainly not CGI. CGI is meant for a reply through HTTP, not for a mailing action as a side-effect.

As I said, this post scares me. Please, you need design help and security help. Maybe even ethical help. Not just Perl help.

-- Randal L. Schwartz, Perl hacker
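
The check missing from the second point above, as an added example that is not part of the original post or of the script under discussion: validate the submitted address before it goes anywhere near a mail header. The helper name `safe_header_address`, the address pattern and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: returns the address if it is safe to place in a
# mail header, or nothing (undef in scalar context) if it must be rejected.
sub safe_header_address {
    my ($raw) = @_;
    return unless defined $raw && length($raw) <= 254;
    # Reject every control character, CR and LF included: a line break
    # ends the current header line and lets the client write the next one.
    return if $raw =~ /[\x00-\x1F\x7F]/;
    # Deliberately narrow shape check: a single address with no commas,
    # spaces or angle brackets, so the field cannot carry a recipient list.
    # \A and \z anchor the whole string; a bare $ would still match
    # just before a trailing newline.
    return unless $raw =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return $raw;
}

# Constructed sample inputs; example.com and example.net are placeholders.
my @samples = (
    'alice@example.com',
    "alice\@example.com\nX-Extra: injected",
    "alice\@example.com\r\n\r\nbody text supplied by the client",
    'alice@example.com, bob@example.net',
    "alice\@example.com\n",
);

for my $value (@samples) {
    # Make line breaks visible in the report.
    (my $shown = $value) =~ s/\r/\\r/g;
    $shown =~ s/\n/\\n/g;
    my $addr = safe_header_address($value);
    printf "%-7s %s\n", (defined $addr ? 'accept' : 'reject'), $shown;
}
```

Only the first sample is accepted. Anything that fails the check should be refused outright rather than stripped and used.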

Re: •Security and design problems - beware
by venimfrogtongue (Novice) on Aug 09, 2002 at 03:21 UTC
    I respect your opinion on downvoting me. But I'd like to say, I am really new to perl so by saying everything I've been doing was wrong really isn't helping any. I realise there must be millions of things wrong with my scripts, but until I learn more about perl it's just going to have to be like that... :(

    If you are actually Randal L. Schwartz, I am currently reading one of your books!