NMS' replacement CGI scripts, especially the FormMail scripts, are
vastly improved over Matt Wright's FormMail. Matt Wright's is riddled
with security holes, mainly allowing people to use it as a spam email
relay. Prior to my switching to PHP's mail() function, I utilized NMS
alot, and with few problems.
Just my two cents, and a thumbs up to NMS, to add to the suggestion.
- Tony
irb wrote:
> * Quoth Victor Odhner (vodhner@cox.net), on Thu, AD 2006.01.12, at 07:07 -0700:
>
>> ForMail has some legendary security holes, due to its trust
>> of user data. Just google for formail exploit
>> to see 22 pages of references.
>> This script is a poster child for bad CGI usage.
>> Being under selinux would be no protection here.
>>
>
> There's a project called NMS available at http://nms-cgi.sf.net/ that
> attempts to reimplement a number of Matt's scripts in sane and secure
> ways, FormMail.pl included. See also
> http://www.scriptarchive.com/nms.html.
>
> /i.
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)