Beefy Boxes and Bandwidth Generously Provided by pair Networks
P is for Practical

(ichimunki) re x 2: Exploit this ...

by ichimunki (Priest)
on Aug 10, 2001 at 01:33 UTC ( [id://103644]=note: print w/replies, xml ) Need Help??

in reply to Re: Exploit this for fun and, well, fun. (LONG)
in thread Exploit this for fun and, well, fun. (LONG)

MSA is one of the most widely used Perl scripts I know of. If you go shopping for a web host you will frequently see them offering as a way for HTML-only coders to enable their otherwise non-CGI sites to generate email -- this is the only way someone with a non-dynamic site can get feedback.

The script archive is not "an old place", it is current. In fact was just updated to patch a security hole less than ten days ago. The simple truth is that this script is in widespread use and a discussion of it is very relevant. We have even had some newer Monks on PM asking about it.

Finally, it is a popular mantra here at PM to deride the use of some have said that it is insecure, others have said it opens the servers to being "owned". I looked at the script. I saw no such danger with the latest version. And the major security concern with the previous version allowed anyone to use to send email from a server they weren't authorized to use. While I find that to be an important flaw, it is not critical. There is a big difference between an open relay and an "owned" machine.

My conclusion was that the script is acceptable-- I made my post to make sure I had all the facts (and I think I've gotten enough of them to reach my conclusion). It just wouldn't be my choice of script to use-- but I can code Perl and make my own script tailored to my exact needs. I have no reason to rely on this since I don't write HTML anymore, I write CGIs and let them do that for me. For those who don't code Perl, I am not going to worry if they want to use this script (the current version).
  • Comment on (ichimunki) re x 2: Exploit this ...

Replies are listed 'Best First'.
Re: (ichimunki) re x 2: Exploit this ...
by Mr.T (Sexton) on Aug 10, 2001 at 01:38 UTC
    Wow, sorry for making it sound like I thought I knew what I was talking about! :) I didn't know that MSA is current, I always just thought it was an archive of sorts. Thanks for clearing that up for me! :)

    qw/"I pity da foo' who don't use Perl!"/;

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://103644]
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others chilling in the Monastery: (3)
As of 2024-07-19 12:07 GMT
Find Nodes?
    Voting Booth?

    No recent polls found

    erzuuli‥ 🛈The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.