Problems? Is your data what you think it is? | |
PerlMonks |
Re: Probed for formmail.plby mortis (Pilgrim) |
on Nov 26, 2001 at 19:52 UTC ( [id://127554]=note: print w/replies, xml ) | Need Help?? |
A team I worked with had to deal with the issue of
our form mailer being used for spam. We took the approach
of md5 summing the addresses in the HTML page with some data
only known on the web server and verifying the md5 sum of
the to address when the form was posted. This allowed the
HTML authors to use whatever to addresses they wanted to,
and us to only maintain a single form mailer CGI. The
mailer warns you about potential exploit attempts, and
provided us with some interesting results.
If anyone is interested, code based on the techniques from the earlier work is available here: http://www.bgw.org/projects/perl/mailer.cgi.txt Kyle
In Section
Meditations
|
|