E-mail List Archives
Re: E-mailing Form
From: Karl Groves
Date: Apr 8, 2009 11:05AM
- Next message: Randi: "Re: iGoogle is my friend, was, Help finding accessible site?"
- Previous message: Dean Hamack: "Re: E-mailing Form"
- Next message in Thread: None
- Previous message in Thread: Dean Hamack: "Re: E-mailing Form"
- View all messages in this Thread
I would say this is an overly alarmist discussion of the potential problems
with tell-a-friend forms. While it is true that such forms are a very
popular target for spammers (as is any form which sends e-mails, such as
contact forms), it is not true that they're all vulnerable. First and
foremost, any and all data which comes from users should be validated,
filtered, and escaped appropriately, regardless of what the form actually
does. Forms which send e-mail should also perform checks to ensure that
they're protected against mail header injection.
For anyone out there using PHP, I heartily recommend 'Pro PHP Security' by
Chris Snyder and Michael Southwell, or 'Essential PHP Security' by Chris
Shiflett. Chris Shiflett also has an excellent blog worth reading as well.
The concerns that Dean raises are very real and he's 100% correct that your
host will shut you down if a vulnerable form gets exploited (as well they
should, IMO).
Karl
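
The header-injection check mentioned in the message above, as an added PHP example that is not part of the original post or taken from the books it recommends. The form field names, the noreply@example.com sender and the example.com URL are assumptions, and the sample submissions are constructed.

```php
<?php
declare(strict_types=1);

// True if a value destined for a mail header contains CR, LF or NUL.
function has_header_break(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 1;
}

// Validate the form fields; return arguments for mail() or null on rejection.
function build_message(array $post): ?array
{
    $to   = (string)($post['friend_email'] ?? '');
    $from = (string)($post['sender_email'] ?? '');
    $name = (string)($post['sender_name'] ?? '');

    foreach ([$to, $from, $name] as $field) {
        if (has_header_break($field)) {
            return null; // reject outright rather than trying to clean it
        }
    }
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false
        || $name === '' || strlen($name) > 80) {
        return null;
    }

    // Only validated addresses reach the headers; From and Subject are fixed.
    $headers = "From: noreply@example.com\r\n"
             . "Reply-To: {$from}\r\n"
             . "Content-Type: text/plain; charset=UTF-8";
    // The free-text name goes in the body only, never in a header.
    $body = "{$name} thought you might like this page: https://example.com/";

    return [$to, 'A friend recommended a page', $body, $headers];
}

// Constructed sample submissions: one ordinary, one carrying an extra header line.
$samples = [
    ['friend_email' => 'friend@example.org', 'sender_email' => 'me@example.org', 'sender_name' => 'Pat'],
    ['friend_email' => 'friend@example.org', 'sender_email' => "me@example.org\r\nBcc: other@example.net", 'sender_name' => 'Pat'],
];
foreach ($samples as $i => $post) {
    $args = build_message($post);
    echo "sample {$i}: ", $args === null ? "rejected\n" : "accepted, would call mail()\n";
    // if ($args !== null) { mail(...$args); }
}
```

The first sample is accepted and the second is rejected, because the sender address carries a line break that would otherwise start a new header.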