Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid

Re: securing a remailer

by schweini (Friar)
on Oct 12, 2005 at 03:25 UTC ( #499353=note: print w/ replies, xml ) Need Help??

in reply to securing a remailer

an ancient method to pass infomation to sendmail: a pipe directly to sendmail - the worst way to send email from a script.

just wondering why this is that bad? i still use that for quick-n-dirty plain-text mailers, and wasn't aware of any security/abuse problems with this?

Comment on Re: securing a remailer
Replies are listed 'Best First'.
Re^2: securing a remailer
by geektron (Curate) on Oct 12, 2005 at 03:54 UTC
    if user input isn't validated/untainted, newlines can be passed into the input, allowing someone to hijack the script and use it as a spam-remailer.

    sure, if you're not accepting user input you could get away with it, but i don't recommend it.

      So the solution is to validate user input. No need to throw the baby out with the bathwater. You'd have similar problems with using unvalidated input with SMTP or any other mechanism for sending mail.

      Still, if the OP finds they can replace a significant chunk of their code with a well-maintained Perl module, that seems like a pretty clear good idea.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://499353]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (2)
As of 2015-10-09 01:56 GMT
Find Nodes?
    Voting Booth?

    Does Humor Belong in Programming?

    Results (232 votes), past polls