
[PBML] Security for email

  • Vicki Hargis
    Message 1 of 2 , Jan 19, 2000
      I created an email referral script. I am using the -t in the line
      open (Mail,"|/usr/lib/sendmail -t")||&ErrorMessage; I want to make sure
      this script is secure. I have four questions: Is the -t in the right
      place or does it go in the shebang line? Does it protect from tainted
      data? Do I also need to make sure that the script is being accessed
      only from my site? The script follows:

      #!/usr/local/bin/perl
      require "subparseform.lib";
      & Parse_Form;
      print "content-type:text/html\n\n";

      #send email to friend
      $to = $formdata{'friend_email'};
      $from = $formdata{'visitor_email'};
      $subject = $formdata{'subject'};
      $content = $formdata{'description'};
      open (Mail,"|/usr/lib/sendmail -t")||&ErrorMessage;
      print Mail "Subject:$subject\r\nTo:$to\r\nFrom:$from\r\n";
      print Mail "\r\n$content\r\n";
      close(Mail);

      #send thanks email to visitor
      $to = $formdata{'visitor_email'};
      $from = "webadmin\@...";
      $subject = "Thank you";
      $content = "We appreciate the time you took to refer our site";
      open (Mail,"|/usr/lib/sendmail -t")||&ErrorMessage;
      print Mail "Subject:$subject\r\nTo:$to\r\nFrom:$from\r\n";
      print Mail "\r\n$content\r\n";
      close(Mail);

      #send email to self to confirm referral
      $to = "vhargis\@...";
      $from = "webadmin\@...";
      $subject = "Referal Confirmation";
      $content = "Our site was refered";
      open (Mail,"|/usr/lib/sendmail -t")||&ErrorMessage;
      print Mail "Subject:$subject\r\nTo:$to\r\nFrom:$from\r\n";
      print Mail "\r\n$content\r\n";
      close(Mail);

      print "Thanks for working";


      sub ErrorMessage {
      print"<p>The serverhas a problem. Aborting script. \n";
      exit;
      }

      Thanks
    • Jeff Boes
      Message 2 of 2 , Jan 19, 2000
        > -----Original Message-----
        > From: Vicki Hargis [mailto:vhargis@...]
        > Sent: Wednesday, January 19, 2000 4:31 PM
        > To: perl-beginner@...
        > Subject: [PBML] Security for email
        >
        >
        > I created an email referral script.

        You might want to look at Mail::Mailer or some such instead. You're doing it
        the hard way...

        > I am using the -t in the line
        > open (Mail,"|/usr/lib/sendmail -t")||&ErrorMessage; I want to make sure
        > this script is secure. I have four questions: Is the -t in the right
        > place or does it go in the shebang line? Does it protect from tainted
        > data? Do I also need to make sure that the script is being accessed
        > only from my site? The script follows:

        "sendmail -t" doesn't have anything to do with tainted data. The -t on the
        shebang is an entirely different, unrelated option. I forget precisely, but
        I think the sendmail -t has to do with how the 'To' address is supplied to
        sendmail.


        ----
        "To paraphrase Mark Twain, the difference between the right program and
        almost the right program is like the difference between lightning and a
        lightning bug. The difference is just a bug." --Danny Hillis, "The Pattern
        on the Stone" (1998)
        ___________
        Jeff Boes <>< jboes@...
        Mur Consulting http://www.qtm.net/~jboes/
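
Added example, not part of either post and not the poster's script: the two switches discussed in this thread side by side, with Perl's taint mode (`-T`) on the shebang line and `sendmail -t` on the pipe, plus the header validation that neither switch performs. The form field names are taken from the script above; the address pattern, the 200-character limit and the sample submissions are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example. -T (capital) is Perl's taint mode; run as ./refer.pl or "perl -T refer.pl".
use strict;
use warnings;
# Taint mode refuses to start an external program with the inherited (tainted) PATH.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# One address only, no spaces/commas/newlines: "sendmail -t" reads recipients from headers.
sub clean_address {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9.-]+)\z/ ? $1 : undef;
}
# A header value must stay on one line: reject any control character.
sub clean_header {
    my ($raw) = @_;
    return defined $raw && $raw =~ /\A([^\x00-\x1f\x7f]{1,200})\z/ ? $1 : undef;
}

# Taint mode does not check data printed to a pipe, so validate headers regardless of -T.
sub build_message {
    my (%f) = @_;
    my $to      = clean_address($f{friend_email});
    my $from    = clean_address($f{visitor_email});
    my $subject = clean_header($f{subject});
    return unless defined $to && defined $from && defined $subject;
    my $body = defined $f{description} ? $f{description} : '';
    return "To: $to\nFrom: $from\nSubject: $subject\n\n$body\n";
}

# List-form open runs sendmail without a shell; -i keeps a lone "." line in the body
# from ending the message early.
sub send_message {
    my ($msg) = @_;
    open(my $mail, '|-', '/usr/lib/sendmail', '-t', '-i') or die "sendmail: $!";
    print {$mail} $msg;
    close($mail) or die "sendmail exited with status $?";
}

# Constructed sample submissions; send_message() is not called, so this runs offline.
my @samples = (
    { friend_email => 'friend@example.org', visitor_email => 'me@example.com',
      subject => 'Nice site', description => 'Have a look.' },
    { friend_email => "friend\@example.org\nX-Extra: 1",
      visitor_email => 'me@example.com', subject => 'Hi', description => 'x' },
);
for my $s (@samples) {
    my $msg = build_message(%$s);
    print defined($msg) ? "ACCEPTED:\n$msg\n" : "REJECTED: bad header field\n";
}
```

The first sample is accepted and printed as a complete message; the second is rejected because its address field contains a line break.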