[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: form mail

From: Keith Mastin <kmastin beechtree ca>
To: enigma-list redhat com
Subject: Re: form mail
Date: Mon, 21 Oct 2002 10:30:31 -0400 (EDT)

On Mon, 21 Oct 2002, Vicki Edwards wrote:

> can anyone help me with formmail.pl v1.92?  i keep getting the error
> 'bad recepient'.  thanks, vicki

Formmail is a bad idea. Very bad. Bbbbad. No good.
Search the php websites for scripts that are more secure, and read the 
code in them. Not difficult to understand at all. If anything scares or 
concerns you, stay away, as they are all written by "untrusted" sources. 
(Not to say there aren't some very good scripts there.)

cgi is a common gateway interface, which gives the ability to run system 
commands on your server from a web page. Using certain sequences and 
strings, an attacker can gain access to the server. They then capitulate 
on that by providing themselves with a shell, and away they go.

Formmail is a cgi script that is known to provide access with posted 
scripts to break in. Now that you are aware of this, if you use it, all 
bets on security for your system are off.

HTH

Follow-Ups:
- Re: form mail
  - From: Gordon Messmer

References:
- form mail
  - From: Vicki Edwards

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]