[thelist] Formmail (WAS Recommended use of HTTP_REFERER?)
John C Bullas
jcbullas at nildram.co.uk
Tue Oct 28 01:31:35 CST 2003
At 01:48 28/10/2003, Simon Willison wrote:
>John.Brooking at sappi.com wrote:
>>Does anyone have any experience with FormMail.pl 1.91 or 1.92 (the latest)
>>and can recommend it to me, or not?
>
>FormMail really should be secure by now, but I still wouldn't trust it
>100%. A good alternative though is Not Matt's Scripts, which are rewrites
>of the Matt's Scripting Archive scripts done by people who really know how
>to write secure code:
Also: My 404 logs do occasionally show "things" snooping in my non-existent
cgi-bin for Formmail.pl/.cgi BTW :(

http://www.infosheet.com/iScripts.html for BFormmail, a good rewrite. NB:
Formmail was last updated April 19, 2002.

Bformmail is pretty good as it is supposed to be a lot more secure; it has
a few built-in functions to write the field data to a file on the server if
you want a "hard copy" of what is sent to you, and a CC/Fax function, and
appears pretty hack-proof from a layman's understanding. Both scripts appear
happy to work with JavaScript augmentation (stringing together and
stuffing in combinations of field values to the form).

The possible scariness of unmodified FormMail can be read about here:
http://www.monkeys.com/anti-spam/formmail-advisory.pdf

Any more questions, this is fun!
FB http://www.ime.org.uk
BFormMail user, formerly formmail
>http://nms-cgi.sourceforge.net/
>
>--
>Simon Willison
>Web development weblog: http://simon.incutio.com/