[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Is anyone on the list using "formmail" CGI script on their RH Apache implementations?

On Jan 26, 2005, at 10:50 AM, Marty Landman wrote:

At 09:59 AM 1/26/2005, Jason Dixon wrote:

I don't use FormMail.pl. As best I recall, it has had a history of security holes.

I believe the major problem is when you specify the recipient on a hidden form field. This makes a script available for hijacking to send spam from; stealing the webmaster's bandwidth and damaging their reputation. Or worse than that...

There are a LOT of problems with Matt's FormMail.pl. I took a cursory glance and was shocked at the lack of localized variables and what-not. And while I can appreciate the all-in-one behavior that made sense in 1996, most Perl folks like to take advantage of a little thing called *modules*. ;-)


Jason Dixon
DixonGroup Consulting

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]