formail (was moron at perl/cgi)
John Seth
johnseth at phoenixwing.com
Thu Jan 12 10:34:39 MST 2006
NMS' replacement CGI scripts, especially the FormMail scripts, are
vastly improved over Matt Wright's FormMail. Matt Wright's is riddled
with security holes, mainly allowing people to use it as a spam email
relay. Prior to my switching to PHP's mail() function, I utilized NMS
a lot, and with few problems.
Just my two cents, and a thumbs up to NMS, to add to the suggestion.
- Tony
irb wrote:
> * Quoth Victor Odhner (vodhner at cox.net), on Thu, AD 2006.01.12, at 07:07 -0700:
>
>> ForMail has some legendary security holes, due to its trust
>> of user data. Just google for formail exploit
>> to see 22 pages of references.
>> This script is a poster child for bad CGI usage.
>> Being under selinux would be no protection here.
>>
>
> There's a project called NMS available at http://nms-cgi.sf.net/ that
> attempts to reimplement a number of Matt's scripts in sane and secure
> ways, FormMail.pl included. See also
> http://www.scriptarchive.com/nms.html.
>
> /i.