On Apr 16, 2009, at 6:52 AM, I. Savant wrote:

This is a discussion for another list, but have you thought of the security implications of hosting such a script on a public-facing server? This is the kind of wide-open thing spammers love to find ...

  Sorry for the noise, I hit send too early. I meant to add:

While it's very good the e-mail address is hard-coded, you're still going to get hammered with scripted attempts at a) using it to send out to other addresses, and b) simply spamming you with it.

A simple contact form on a web site I manage gets "felt up" by scripts many times a day. Though the form does not send a copy of the body of the message, it does send a confirmation e-mail saying "we received your e-mail". If it did, the form could be used to send spam from that web site's contact address. In addition, these scripts send all kinds of extra arguments in an attempt to find "hidden features" of the PHP script (from=<spamaddress>, sender=<spamaddress>, user=<spamaddress>, and so on).

  Be careful.

--
I.S.
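
The checks described above, as an added example that is not part of the original message: a PHP handler that keeps the recipient hard-coded and refuses submissions carrying extra arguments such as from= or sender=. The field names, the address and the length limit are assumptions, and the sample submissions are constructed.

```php
<?php
// Added example. RECIPIENT, ALLOWED_FIELDS and the 5000-byte limit are assumed values.
const RECIPIENT = 'contact@example.com';            // hard-coded, never taken from input
const ALLOWED_FIELDS = ['name', 'email', 'message'];

/** Returns null when the submission is acceptable, otherwise a short reason. */
function reject_reason(array $post): ?string
{
    // Probing scripts add from=, sender=, user= and so on: refuse anything
    // outside the allowlist instead of silently ignoring it.
    $extra = array_diff(array_keys($post), ALLOWED_FIELDS);
    if ($extra) {
        // json_encode escapes control characters, so field names cannot forge log lines.
        return 'unexpected fields: ' . json_encode(array_values($extra));
    }
    foreach (ALLOWED_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            return "missing or non-string field: $field";
        }
    }
    // Name and address are single-line values. A CR or LF in them is how extra
    // To:/Cc:/Bcc: headers get smuggled in if they are ever placed in a header.
    if (preg_match('/[\r\n]/', $post['name'] . $post['email'])) {
        return 'line break in single-line field';
    }
    if (filter_var($post['email'], FILTER_VALIDATE_EMAIL) === false) {
        return 'invalid e-mail address';
    }
    if (strlen($post['message']) > 5000) {
        return 'message too long';
    }
    return null;
}

// Constructed sample submissions: one normal, one probing with an extra argument.
$samples = [
    ['name' => 'Ann', 'email' => 'ann@example.org', 'message' => 'Hello'],
    ['name' => 'x', 'email' => 'x@example.org', 'message' => 'hi', 'from' => 'spam@example.net'],
];
foreach ($samples as $post) {
    $reason = reject_reason($post);
    if ($reason !== null) {
        error_log("contact form rejected: $reason"); // count these to see probing volume
        continue;
    }
    // The submitted address appears in the body only. Any confirmation sent to it
    // must not echo the message body back.
    $body = "From: {$post['name']} <{$post['email']}>\n\n{$post['message']}";
    echo 'would send to ' . RECIPIENT . ":\n$body\n"; // replace with mail(RECIPIENT, 'Contact form', $body)
}
```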



