[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is anyone on the list using "formmail" CGI script on their RH Apache implementations?



At 09:59 AM 1/26/2005, Jason Dixon wrote:

I don't use FormMail.pl. As best I recall, it has had a history of security holes.

I believe the major problem is when you specify the recipient on a hidden form field. This makes a script available for hijacking to send spam from; stealing the webmaster's bandwidth and damaging their reputation. Or worse than that...

Marty


Marty Landman, Face 2 Interface Inc. 845-679-9387
Search & Sort Easily: http://face2interface.com/Products/FormATable.shtml
Web Installed Formmail: http://face2interface.com/formINSTal



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]