geektron has asked for the wisdom of the Perl Monks concerning the following question:
One of our ancient remailer scripts has finally been compromised. Someone discovered that it uses an ancient method to pass information to sendmail: a pipe directly to sendmail - the worst way to send email from a script.
I'm rewriting the thing with an extra eye for security and configurability (so that I can reuse it across our sites, if/when needed), and I want to make sure I've covered all the bases since the PHB keeps throwing "what if ...." scenarios at me.
I've already come up with the following to secure this thing:
- using the -T switch (which isn't in the original)
- using MIME::Lite to create the message rather than just printing to sendmail
- using Mail::Address or something similar to validate the "To:" field in the messages. I'll probably also make sure that only *one* value is in the "To:" field
- (not security related) using Config::General to allow for config file creation with an eye for deploying the remailer across sites.
Does adding some form of key/session_id buy any security? I think not, because it would be just another thing that needs to be passed in the form, and enough brute-force attacks would crack that too ...
Any other suggestions for making this thing as locked down as possible?
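
The checks listed in the question (taint mode, a single validated "To:" value, MIME::Lite instead of printing to sendmail) can be combined as in the sketch below. This is an added example, not part of the original post or the poster's script; the function names, the sender address, the address whitelist pattern and the sample inputs are constructed assumptions.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Mail::Address;
use MIME::Lite;

# Return the one bare address found in $raw, or undef if the field is unsafe.
sub single_recipient {
    my ($raw) = @_;
    return undef unless defined $raw && length $raw && length $raw <= 254;
    # CR, LF or NUL in a header value would let a form field add header lines.
    return undef if $raw =~ /[\r\n\0]/;
    my @addrs = Mail::Address->parse($raw);
    return undef unless @addrs == 1;              # exactly one recipient
    my $addr = $addrs[0]->address;
    return undef unless defined $addr;
    # Assumed whitelist, stricter than RFC 5322; the capture untaints under -T.
    return $addr =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/
        ? $1 : undef;
}

# Build (but do not send) the message from already-parsed form fields.
sub build_message {
    my (%f) = @_;
    my $to = single_recipient($f{to});
    die "rejected To field\n" unless defined $to;
    (my $subject = defined $f{subject} ? $f{subject} : '') =~ s/[\r\n\0]+/ /g;
    return MIME::Lite->new(
        From    => 'webform@example.com',         # constructed sender
        To      => $to,
        Subject => $subject,
        Type    => 'TEXT',
        Data    => $f{body},
    );
}

# Constructed sample inputs, as they might arrive in the form's To field.
for my $to ('alice@example.com',
            'Alice <alice@example.com>',
            'alice@example.com, bob@example.net',
            "alice\@example.com\nBcc: bob\@example.net") {
    my $ok = single_recipient($to);
    (my $shown = $to) =~ s/\n/\\n/g;
    printf "%-42s => %s\n", $shown, defined $ok ? "accept $ok" : 'reject';
}
print build_message(to => 'alice@example.com', subject => "hi\nX-Test: 1",
                    body => "test body\n")->as_string;
```

The first two sample inputs are accepted and reduced to the bare address; the multi-recipient value and the value containing a newline are rejected, and the newline in the sample subject is flattened to a space before the header is built.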
Re: securing a remailer
by marto (Cardinal) on Oct 11, 2005 at 21:38 UTC
Re: securing a remailer
by neosamuri (Friar) on Oct 11, 2005 at 21:40 UTC
Re: securing a remailer
by schweini (Friar) on Oct 12, 2005 at 03:25 UTC
by geektron (Curate) on Oct 12, 2005 at 03:54 UTC
by sgifford (Prior) on Oct 12, 2005 at 15:41 UTC