Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.php > #1184
| From | "P E Schoen" <paul@pstech-inc.com> |
|---|---|
| Newsgroups | comp.lang.php |
| Subject | Re: My contact form is not emailed to me |
| Date | 2011-04-18 22:30 -0400 |
| Organization | Aioe.org NNTP Server |
| Message-ID | <iois3u$vor$1@speranza.aioe.org> (permalink) |
| References | (3 earlier) <iocu0g$3v5$1@speranza.aioe.org> <iod2d7$n1d$3@dont-email.me> <8d59976e-bbfc-4552-8505-df661de50c1b@l14g2000pre.googlegroups.com> <iofgr1$f0$1@dont-email.me> <iofj5t$7gi$1@dont-email.me> |
"Jerry Stuckle" wrote in message news:iofj5t$7gi$1@dont-email.me... > On 4/17/2011 3:58 PM, MG wrote: >> This one is worth reading >> http://www.damonkohler.com/2008/12/email-injection.html > Some good descriptions on how it can happen. But one needs to > read the comments at the end, also - there are several problems > with his proposed solutions. I found the article very interesting. As a "casual" newbie user of PHP I don't fully understand all the issues, but I can see that it can be a real problem if a hacker really wants to make trouble. My application requires a user to provide a name and email address from a hard-coded list, and also a password, before data can be entered. If that is successful, I set a file lock which blocks any subsequent attempts to access the script, and I add a deliberate 5 or 10 second delay before completing the processing and releasing the file lock. I also run the user input through a filter: http://htmlpurifier.org/ which seems to work pretty well. I suppose nothing is totally secure, but this is designed for only a small group of trusted members, and is not really used very much. In fact, the only ones to have used it over the last several months have been myself (for testing), and one or two members as they were learning how to use it. Paul
Back to comp.lang.php | Previous | Next — Previous in thread | Next in thread | Find similar
My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-16 00:36 -0700
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 10:04 -0400
Re: My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-16 07:36 -0700
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 16:11 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-16 16:25 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-16 17:40 -0400
Re: My contact form is not emailed to me nathanir <rajeshn923@gmail.com> - 2011-04-17 10:27 -0700
Re: My contact form is not emailed to me "MG" <nospam@nospam.com> - 2011-04-17 21:58 +0200
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-17 16:39 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-18 22:30 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-18 22:58 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-19 00:33 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-19 06:29 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 13:46 -0400
Re: My contact form is not emailed to me The Natural Philosopher <tnp@invalid.invalid> - 2011-04-20 18:51 +0100
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 16:41 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 16:59 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 16:55 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-20 19:58 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-20 23:44 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 04:04 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 06:29 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 04:31 -0400
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 06:32 -0400
Re: My contact form is not emailed to me crankypuss <no@email.thanks> - 2011-04-21 04:37 -0600
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-21 13:42 -0400
Re: My contact form is not emailed to me "Mr. B-o-B" <mr.chew.baka@gmail.com> - 2011-04-21 15:21 -0500
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-21 20:04 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-22 00:45 -0400
Re: My contact form is not emailed to me The Natural Philosopher <tnp@invalid.invalid> - 2011-04-22 11:07 +0100
Re: My contact form is not emailed to me Jerry Stuckle <jstucklex@attglobal.net> - 2011-04-22 07:07 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-22 15:28 -0400
Re: My contact form is not emailed to me "P E Schoen" <paul@pstech-inc.com> - 2011-04-23 04:32 -0400
Re: My contact form is not emailed to me "Peter H. Coffin" <hellsop@ninehells.com> - 2011-04-22 08:23 -0500
csiph-web