Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling

Re: Re: Re: Re: Vetting a CGI script

by dvergin (Monsignor)
on Nov 12, 2003 at 18:49 UTC ( #306587=note: print w/replies, xml ) Need Help??

in reply to Re: Re: Re: Vetting a CGI script
in thread Vetting a CGI script

Quothe idsfa: "I'd really recommend not doing that either. For one, the syntax..." I'm missing something. What is wrong with solving the "\n.\n" issue by using the '-i' option in a pipe to sendmail. And what is syntactly bad about the example you gave.

Same question regarding use of Net::SMTP. The boss is going to ask me "Why?". I need a better answer than, "Some helpful person on the web said it was better." Why is the Net::SMTP code you recommend more secure than piping to sendmail with the '-i' option and hard-coded email header data? I know there are issues about gracefully handling situations where sendmail is missing or in a non-standard place. I'll deal with that. But what sort of potential input would Net::SMTP handle more securely in this situation?

BTW: I use standard modules all the time and will likely recommend Net::SMTP for use here. This is not a question of wanting to avoid their use. I just want to have a knowledgable rationalle to explain myself.

"Perl is a mess and that's good because the
problem space is also a mess.
" - Larry Wall