David Gilden wrote:

   print MAIL "TO: [EMAIL PROTECTED]";
   print MAIL "From: $name <$email>\n";
   print MAIL "Subject: $subject\n\n";


The From is Hard wired so I don't understand you mention below.

In your original post it was evaluated as a PARAM CGI input -- therefore it is not hard-wired.



print MAIL "From: $name <$email>\n";
This is going to '[EMAIL PROTECTED]' in box. so you are saying that someone could interject a CC, and use the script as it currently is as a Spam Relay?
I really don't follow.


:) From: doesn't equate to To:


I knew this day would come. When I started using Perl in 1996 I asked these same questions and the same answers still apply.

1) Your code does ask for param in the CGI - therefore param can be hijacked unless you take steps to stop it.

2) Given my straight-forward previous example and my statement above I have to conclude that you should research solutions as to what you would like to do and weigh the impact of what you must do in the interest of professional ethics and see if a mutually agreeable solution can be arrived at.

*When I say agreeable I mean a solution which takes the Internet as a whole and puts into focus a common point from which to code your projects for CGI use but NOT allow spam - intentional or not - to propagate from your programs.

If you choose to not research these things and whether you or your SysAdmin place an insecure application into public use - then your domain - and likely upstream backbone - will be published in rfc-ignorant.org -- not a good thing :/

See
http://www.cpan.org/authors/id/S/SN/SNEEX/smtp_Scanner_v4

And also, begin your research about e-mail and spam here:
http://rfc-ignorant.org/



Thanks for any clarifying,




Anytime. I know first hand where you are and where you are heading. I just hope you will allow those on the Beginner CGI list with more experience guide you while you learn :)

Best;
-Sx-
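
The concern raised in this reply is that CGI param values printed into mail headers can carry extra header lines; rejecting control characters before printing closes that gap. This is an added example, not code from the thread; the function names, length limits and sample addresses are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the value if it is safe to place on a single mail header line,
# or undef if it is empty, too long, or contains CR, LF or other control chars.
sub header_value {
    my ($value, $max_len) = @_;
    return undef unless defined $value;
    return undef if length($value) == 0 || length($value) > $max_len;
    return undef if $value =~ /[\x00-\x1F\x7F]/;   # CR/LF would start a new header
    return $value;
}

# Deliberately narrow address check: one address, no spaces, commas or brackets.
sub header_email {
    my ($value) = @_;
    my $clean = header_value($value, 254);
    return undef unless defined $clean;
    return $clean =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/ ? $clean : undef;
}

# Build the header block from untrusted form fields; the recipient is fixed by the script.
sub build_headers {
    my (%f) = @_;
    my $name    = header_value($f{name}, 80);
    my $email   = header_email($f{email});
    my $subject = header_value($f{subject}, 120);
    return undef unless defined $name && defined $email && defined $subject;
    return undef if $name =~ /[<>",]/;   # keep the display name from altering the address
    return "To: $f{to}\nFrom: $name <$email>\nSubject: $subject\n\n";
}

# Constructed sample submissions (not from the original thread).
my @samples = (
    { name => 'Ann Example', email => 'ann@example.org', subject => 'Hello' },
    { name => 'Ann Example', email => "ann\@example.org\nCc: third\@example.net", subject => 'Hello' },
    { name => 'Ann Example', email => 'ann@example.org', subject => "Hi\r\nBcc: x\@example.net" },
);

for my $s (@samples) {
    my $headers = build_headers(%$s, to => 'webmaster@example.org');
    print defined $headers ? "ACCEPT:\n$headers" : "REJECT: unsafe header field\n";
}
```

Only the first sample is accepted; the other two are rejected because a line break inside a field would otherwise become an additional header.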
