Sure, no problem.
i am writing a "control panel" of sorts for individuals to use to
administrate their virtual emails on a linux based sendmail server.
each client has a file in /etc/mail/include that holds tab delimited
entries for their email aliases:
[EMAIL PROTECTED] [EMAIL PROTECTED]
the front end form that allows them to enter new alias/pair destination is
directed via 'post' to my perl script. i want to ensure that in their
'alias' entry, they cannot include an @symbol in the malicious attempt to
direct traffic of another client to a bogus address.
i am printing to the file currently via:
open(FILE, ">>$filename");
print FILE "$add_alias\@$domain\t$add_destination\n";
close(FILE);
so i am appending the appropriate domain to the new alias they are
entering. overall, i want to ensure that $add_alias is composed
strictly of a-z,A-Z,0-9,.,- and _ and nothing else.
On Mon, 11 Jun 2001, Peter Scott wrote:
> At 11:08 PM 6/11/01 -0500, [EMAIL PROTECTED] wrote:
>
> >i am writing a script that tests to see if an \@ symbol is entered by an
> >end user. i am trying to look at other alternatives that a malicious end
> >user might do to get around my checking. right now, i am doing a simple
> >
> > if ( $add_alias =~ /\@/ ) {
> >
> >could an end user enter an escaped ascii character code that would be
> >interpretted as \@
>
> Interpreted in what context? I'm not aware of how a lowly @ character in
> your input could pose a danger, so if you enlightened us as to exactly what
> you're concerned about perhaps we can help.
> --
> Peter Scott
> Pacific Systems Design Technologies
> http://www.perldebugged.com
>
