volks,

thanks for the scoop on what is what... I'd prefer a gooder reason to a jihaud - and I think a sufficiency of explanation has been presented. I R new to CGI in perl - sort of had it thrust upon me since 'well you know perl'....

On Tuesday, May 14, 2002, at 10:45, Dave Cross wrote:

> On Mon, 13 May 2002 17:14:03 +0100, Drieux wrote:
[..]
>> there was a security update to v1.92 on 04/21/02 has there been some new
>> issue arise??? since then?
>
> Matt's version 1.92 fixes all of the spam relay problems with FormMail.
> There are, I believe, a couple of Cross-Site Scripting vulnerabilities
> remaining.

thanks for the heads up on that. My working premise then is that any such issues are closed in the nms? I have only just started to deconstruct it. There seems to be way more firepower in this than I think we will want to use.... but...

I have found a few things I would wonder about - but these tend to be the sorts of trade offs on when is it really better to code in line - or have a simple function test....

> However secure this version is, it's still written for Perl for and
> doesn't use "strict", "-w", taint mode or CGI.pm. It's a really bad
> example of Perl code and I wouldn't want anyone to see the source and
> think they can learn Perl from it.
[..]

So far about the only complaint I have with the nms FormMail is that the tarball did not come with a version number in it, hence I have no tracking control on the tarball or the folder that it generates.

Unfortunately, I R 'the perl guy' - and the version 1.65? that had been running ran for a few years without problems - and it was only recently that the relay attack was executed - and I was asked to take a look to figure out what could be done to fix it, hence hauled in the 1.92 version - verified it was ok, and we were back in bizniz...

But that is also why I R Here and asking the 'ok, so I'm Blithely Naive...' classes of questions.

ciao
drieux