Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical
 
PerlMonks  

Re: Re: Re: Vetting a CGI script

by idsfa (Vicar)
on Nov 12, 2003 at 18:23 UTC ( [id://306582]=note: print w/replies, xml ) Need Help??


in reply to Re: Re: Vetting a CGI script
in thread Vetting a CGI script

I'd really recommend not doing that either. For one, the syntax for that call looks like:

        $message = "From: blah\nTo: blah\nSubject: blah\n\nmessage\n";
        open (SENDMAIL,"|sendmail -i);
        print SENDMAIL $message;
        close(SENDMAIL);

[download]

Updated:
(Yes, I know it could be done with multiple print's, but I hate dribbling information through a pipe ...)

Which is a bigger rewrite than moving to Net::SMTP:

        use Net::SMTP;

        $smtp = Net::SMTP->new('mailhost');

        $smtp->mail($ENV{USER});       # print MAIL "MAIL FROM ..."
        $smtp->to('postmaster');       # print MAIL "RCPT TO ..."

        $smtp->data();                 # print MAIL "DATA\n";
        $smtp->datasend("line 1\n");   # print MAIL ...
        $smtp->datasend("line 2\n");   # print MAIL ...
        $smtp->datasend("line 3\n");   # print MAIL ...
        $smtp->dataend();

        $smtp->quit;

[download]

Updated: (duh ... typing "first" w/o a "second")
Second, invoking a whole 'nother app (sendmail) when you've already got perl running is just a bunch more overhead on your server. You then also have any security holes in 'sendmail -i' to remember to look for.

My parents just came back from a planet where the dominant life form had no
bilateral symmetry, and all I got was this stupid F-Shirt.

Replies are listed 'Best First'.
Re: Re: Re: Re: Vetting a CGI script
by dvergin (Monsignor) on Nov 12, 2003 at 18:49 UTC
    Quothe idsfa: "I'd really recommend not doing that either. For one, the syntax..." I'm missing something. What is wrong with solving the "\n.\n" issue by using the '-i' option in a pipe to sendmail. And what is syntactly bad about the example you gave.

    Same question regarding use of Net::SMTP. The boss is going to ask me "Why?". I need a better answer than, "Some helpful person on the web said it was better." Why is the Net::SMTP code you recommend more secure than piping to sendmail with the '-i' option and hard-coded email header data? I know there are issues about gracefully handling situations where sendmail is missing or in a non-standard place. I'll deal with that. But what sort of potential input would Net::SMTP handle more securely in this situation?

    BTW: I use standard modules all the time and will likely recommend Net::SMTP for use here. This is not a question of wanting to avoid their use. I just want to have a knowledgable rationalle to explain myself.

    ------------------------------------------------------------
    "Perl is a mess and that's good because the
    problem space is also a mess.    " - Larry Wall

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://306582]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (4)
As of 2024-04-19 16:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found