[ciapug] securing Mail()
Carl Olsen
carl-olsen at mchsi.com
Tue Apr 17 17:38:32 CDT 2007
I'm only guessing, but I think they are talking about something similar to
an SQL injection attack. It all depends on how you feed the input fields
into the mail function. I use something called Swift for email (it's a free
PHP function library that uses SMTP). It has a function for each part of
the email so that the email is not just being built from a bunch of strings
concatenated together in the header part of the PHP mail function. I know
some other folks on this list will answer your question in more detail.
Some PHP mail scripts are written in such a way that spammers can hijack
them. I've heard of the same thing with Perl scripts. I would highly
recommend the Swift mailer if you have a chance to look at it.
Carl
_____
From: ciapug-bounces at cialug.org [mailto:ciapug-bounces at cialug.org] On Behalf
Of Wade Arnold
Sent: Tuesday, April 17, 2007 5:14 PM
To: ciapug at cialug.org
Subject: [ciapug] securing Mail()
I am trying to figure out a best practice solution for securing form scripts
that send out emails with the mail() command. To date I have been just
posting information from a form into a script that sends the email. I have
had a couple hosting vendors asking me what I am doing to secure my email
forms. Frankly I did not know that I needed to secure them. Can anyone point
me towards some documentation? As you can imagine "secure email php" finds a
lot of results on a search engine.
Wade
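
The reply above points at form input being concatenated into the header part of mail(). The following is an added example, not code from either poster or from Swift, showing one way to validate form fields before they reach mail(). The function names, form field names and example.org addresses are assumptions, and it assumes PHP 7.1 or later.

```php
<?php
// Added example: check form fields before they are used in mail() headers.
const CONTACT_ADDRESS = 'webmaster@example.org'; // assumed; fixed, never taken from the form

/** True when a value fits on one header line (no CR, LF or NUL). */
function is_single_line(string $value): bool
{
    // A line break inside a header value would let form input start a new header.
    return preg_match('/[\r\n\0]/', $value) !== 1;
}

/** Returns [to, subject, body, headers] for mail(), or null to reject the input. */
function build_contact_mail(array $form): ?array
{
    foreach (['email', 'subject', 'message'] as $key) {
        if (!is_string($form[$key] ?? null)) { return null; } // missing or array-valued field
    }
    $from    = trim($form['email']);
    $subject = trim($form['subject']);
    if (!is_single_line($from) || !is_single_line($subject)) {
        return null;
    }
    if (filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The visitor's address only appears in Reply-To; From stays a fixed site address.
    $headers = 'From: ' . CONTACT_ADDRESS . "\r\n" . 'Reply-To: ' . $from;
    // The body is not a header, so line breaks are allowed; normalize them to CRLF.
    $body = preg_replace('/\r\n?|\n/', "\r\n", $form['message']);
    return [CONTACT_ADDRESS, $subject, $body, $headers];
}

// Constructed sample inputs: one ordinary submission, one with an extra header line.
$samples = [
    'normal'   => ['email' => 'visitor@example.com', 'subject' => 'Hello', 'message' => "Hi\nthere"],
    'injected' => ['email' => "visitor@example.com\r\nBcc: list@example.net", 'subject' => 'Hello', 'message' => 'x'],
];
foreach ($samples as $name => $form) {
    $mail = build_contact_mail($form);
    echo $name, ': ', $mail === null ? 'rejected' : 'accepted', PHP_EOL;
    // On a real form handler: if ($mail !== null) { mail(...$mail); }
}
```

The recipient is a constant, so a form submission can never choose where the message goes.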