Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things
 
PerlMonks  

Re: Exploit this formmail.pl for fun and, well, fun. (LONG)

by Mr.T (Sexton)
on Aug 09, 2001 at 21:20 UTC ( [id://103515]=note: print w/replies, xml ) Need Help??


in reply to Exploit this formmail.pl for fun and, well, fun. (LONG)

ichimunki,
I have a question for you:
Why do you feel like bringing up scripts from MSA? It's an old place, and I hope that no one is really still using scripts from there... it's kind of like opening a closet of skeletons... there is no point! :)

Maybe it should just be left as it is, because you and all of us already know that it is old, and not secure enough to use in today's internet world of Perl >= 5.xxx...

I was just wondering, because perhaps you already knew that this was not the best question in the world, since you said that you were prepared for major downvotes :).

Just my opinion.

Mr.T
qw/"I pity da foo' who don't use Perl!"/;
  • Comment on Re: Exploit this formmail.pl for fun and, well, fun. (LONG)

Replies are listed 'Best First'.
(ichimunki) re x 2: Exploit this formmail.pl ...
by ichimunki (Priest) on Aug 10, 2001 at 01:33 UTC
    MSA formmail.pl is one of the most widely used Perl scripts I know of. If you go shopping for a web host you will frequently see them offering formmail.pl as a way for HTML-only coders to enable their otherwise non-CGI sites to generate email -- this is the only way someone with a non-dynamic site can get feedback.

    The script archive is not "an old place", it is current. In fact formmail.pl was just updated to patch a security hole less than ten days ago. The simple truth is that this script is in widespread use and a discussion of it is very relevant. We have even had some newer Monks on PM asking about it.

    Finally, it is a popular mantra here at PM to deride the use of formmail.pl-- some have said that it is insecure, others have said it opens the servers to being "owned". I looked at the script. I saw no such danger with the latest version. And the major security concern with the previous version allowed anyone to use formmail.pl to send email from a server they weren't authorized to use. While I find that to be an important flaw, it is not critical. There is a big difference between an open relay and an "owned" machine.

    My conclusion was that the script is acceptable-- I made my post to make sure I had all the facts (and I think I've gotten enough of them to reach my conclusion). It just wouldn't be my choice of script to use-- but I can code Perl and make my own script tailored to my exact needs. I have no reason to rely on this since I don't write HTML anymore, I write CGIs and let them do that for me. For those who don't code Perl, I am not going to worry if they want to use this script (the current version).
[reply]
      Wow, sorry for making it sound like I thought I knew what I was talking about! :) I didn't know that MSA is current, I always just thought it was an archive of sorts. Thanks for clearing that up for me! :)

      Mr.T
      qw/"I pity da foo' who don't use Perl!"/;
[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://103515]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (2)
As of 2025-07-15 03:52 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found
    Notices?
    erzuuliAnonymous Monks are no longer allowed to use Super Search, due to an excessive use of this resource by robots.