David Gilden wrote:
> I just had a blow up with a sys. adm. who said my script (see below)
> is potentially unsecure and dangerous and therefore unacceptable.
> ...
> Is there a way someone could hijack my script, if so how, or is this
> sys. adm. not living in the real world?

You are passing form parameters directly to sendmail without examining them
at all. Not good.

I could stuff a Cc: line and my own message body into one of the name
parameters for instance, and thus use your script to send any email to
anyone.

Your subject is misleading. There's nothing particularly insecure or
dangerous about CGI.pm. It's your implementation that's problematic.

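The check the reply says is missing, as an added example (not code from the original script or from either poster): form values are validated before they are placed in mail headers, and a value carrying a line break is rejected. The helper names, the field names `name` and `email`, the addresses and the sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: return a form value that is safe to place in ONE mail
# header, or undef. A header ends at CR/LF, so a line break inside the value
# would begin a new header (or the message body) in the outgoing mail.
sub clean_header_value {
    my ($value, $max_len) = @_;
    return unless defined $value;
    $value =~ s/^\s+|\s+$//g;                  # trim surrounding whitespace
    return if $value eq '' || length($value) > ($max_len // 100);
    return if $value =~ /[^\x20-\x7E]/;        # rejects CR, LF, NUL, non-ASCII
    return $value;
}

# Hypothetical helper: deliberately narrow address check for Reply-To.
sub clean_email {
    my ($value) = @_;
    my $v = clean_header_value($value, 254);
    return unless defined $v;
    return unless $v =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    return $v;
}

# Constructed sample submissions (not taken from the original script).
my @samples = (
    { name => 'Ada Lovelace', email => 'ada@example.org' },
    { name => "Ada\r\nCc: someone\@example.net\r\n\r\nreplacement body",
      email => 'ada@example.org' },
    { name => 'Ada', email => "ada\@example.org\nBcc: other\@example.net" },
);

for my $form (@samples) {
    my $name  = clean_header_value($form->{name});
    my $email = clean_email($form->{email});
    if (defined $name && defined $email) {
        # Only validated values reach the header block; the recipient is
        # fixed in the script and never taken from the form.
        print "ACCEPT\nTo: webmaster\@example.org\n",
              "Reply-To: $email\nSubject: Form mail from $name\n\n";
    }
    else {
        print "REJECT: a field failed validation\n";
    }
}
```

Only the first submission is accepted; the other two are rejected because a field contains an embedded line break.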