On 12/30/05 7:50 AM, "Thom Hehl" <[EMAIL PROTECTED]> wrote:
> We do IDX-enabled Real Estate software for Real Estate brokerages. As
> part of this, I want to be able to save searches and e-mail the results
> to an e-mail address once a week.
>
> What I'm concerned about is someone picking up the form field names and
> storing whatever URL they want with hundreds of e-mail addresses and
> letting me e-mail their spam for them. I'm trying to figure out how to
> do this.
>
> My guess at the moment is that I make sure the hostname portion of the
> URL matches the one specified when the CGI is called. My question is, do
> I have access to the URL inside my PERL CGI?

The URL can be spoofed, so that isn't safe either. Also, what would you do
with someone who uses gmail but uses comcast as their net provider?

One relatively safe way to do this is to ask people to put in their email
once, then email them a confirmation email that they must reply to or
validate using a URL that includes a security token (an MD5 hash of the
email and the timestamp and some keyword) that you can check when the user
clicks back to your site. Once that email is "validated", you can then at
least be sure that the person who responded to the email wants to
continue to get email from you.

Hope that helps.
Sean
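
The confirmation-token check described in the reply above, as an added example that is not part of the original message. It uses HMAC-SHA256 from Perl's core Digest::SHA in place of the plain MD5 hash mentioned; the secret, the 48-hour lifetime, the parameter names and the confirm.cgi URL are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions (not from the original message): the secret, the lifetime
# and the confirm.cgi URL printed below are placeholders.
my $SECRET  = 'replace-with-long-random-server-side-secret';  # the "keyword"
my $MAX_AGE = 48 * 60 * 60;                                   # seconds

# Build the token that goes into the confirmation link.
sub make_token {
    my ($email, $issued) = @_;
    return hmac_sha256_hex(lc($email) . "\n" . $issued, $SECRET);
}

# Compare two strings without stopping at the first differing character.
sub equal_strings {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Check the values that come back when the user clicks the link.
# Only after this succeeds is the address marked as validated.
sub verify_token {
    my ($email, $issued, $token, $now) = @_;
    return 0 unless defined $token  && $token  =~ /\A[0-9a-f]{64}\z/;
    return 0 unless defined $issued && $issued =~ /\A\d+\z/;
    return 0 if $now < $issued || $now - $issued > $MAX_AGE;  # future-dated or expired
    return equal_strings($token, make_token($email, $issued));
}

# Constructed sample data.
my $email  = 'buyer@example.com';
my $issued = 1135947000;
my $token  = make_token($email, $issued);
print "link: https://www.example.com/confirm.cgi?e=buyer%40example.com&t=$issued&k=$token\n";

my %clicks = (
    'valid click'     => [$email,             $issued + 3600],
    'other address'   => ['list@example.net', $issued + 3600],
    'expired, 3 days' => [$email,             $issued + 3 * 86400],
);
for my $name (sort keys %clicks) {
    my ($addr, $now) = @{ $clicks{$name} };
    printf "%-16s %s\n", $name, verify_token($addr, $issued, $token, $now) ? 'accepted' : 'rejected';
}
```

Because the address and timestamp are covered by the keyed hash, a token issued for one address cannot be reused to validate a different one, and the saved search is only mailed to addresses that passed this check.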