
(ichimunki) re x 2: Exploit this formmail.pl ...

by ichimunki (Priest)
on Aug 10, 2001 at 01:33 UTC


in reply to Re: Exploit this formmail.pl for fun and, well, fun. (LONG)
in thread Exploit this formmail.pl for fun and, well, fun. (LONG)

MSA formmail.pl is one of the most widely used Perl scripts I know of. If you go shopping for a web host you will frequently see them offering formmail.pl as a way for HTML-only coders to enable their otherwise non-CGI sites to generate email -- this is the only way someone with a non-dynamic site can get feedback.

The script archive is not "an old place", it is current. In fact formmail.pl was just updated to patch a security hole less than ten days ago. The simple truth is that this script is in widespread use and a discussion of it is very relevant. We have even had some newer Monks on PM asking about it.

Finally, it is a popular mantra here at PM to deride the use of formmail.pl-- some have said that it is insecure, others have said it opens the servers to being "owned". I looked at the script. I saw no such danger with the latest version. And the major security concern with the previous version allowed anyone to use formmail.pl to send email from a server they weren't authorized to use. While I find that to be an important flaw, it is not critical. There is a big difference between an open relay and an "owned" machine.

My conclusion was that the script is acceptable-- I made my post to make sure I had all the facts (and I think I've gotten enough of them to reach my conclusion). It just wouldn't be my choice of script to use-- but I can code Perl and make my own script tailored to my exact needs. I have no reason to rely on this since I don't write HTML anymore, I write CGIs and let them do that for me. For those who don't code Perl, I am not going to worry if they want to use this script (the current version).

Replies are listed 'Best First'.
Re: (ichimunki) re x 2: Exploit this formmail.pl ...
by Mr.T (Sexton) on Aug 10, 2001 at 01:38 UTC
    Wow, sorry for making it sound like I thought I knew what I was talking about! :) I didn't know that MSA is current, I always just thought it was an archive of sorts. Thanks for clearing that up for me! :)

    Mr.T
    qw/"I pity da foo' who don't use Perl!"/;
