Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
MSA formmail.pl is one of the most widely used Perl scripts I know of. If you go shopping for a web host you will frequently see them offering formmail.pl as a way for HTML-only coders to enable their otherwise non-CGI sites to generate email -- this is the only way someone with a non-dynamic site can get feedback.
The script archive is not "an old place", it is current. In fact formmail.pl was just updated to patch a security hole less than ten days ago. The simple truth is that this script is in widespread use and a discussion of it is very relevant. We have even had some newer Monks on PM asking about it. Finally, it is a popular mantra here at PM to deride the use of formmail.pl-- some have said that it is insecure, others have said it opens the servers to being "owned". I looked at the script. I saw no such danger with the latest version. And the major security concern with the previous version allowed anyone to use formmail.pl to send email from a server they weren't authorized to use. While I find that to be an important flaw, it is not critical. There is a big difference between an open relay and an "owned" machine. My conclusion was that the script is acceptable-- I made my post to make sure I had all the facts (and I think I've gotten enough of them to reach my conclusion). It just wouldn't be my choice of script to use-- but I can code Perl and make my own script tailored to my exact needs. I have no reason to rely on this since I don't write HTML anymore, I write CGIs and let them do that for me. For those who don't code Perl, I am not going to worry if they want to use this script (the current version). In reply to (ichimunki) re x 2: Exploit this formmail.pl ...
by ichimunki
|
|