>>>>> "Werner" == Werner Otto <[EMAIL PROTECTED]> writes:

>> Do *not* send email to addresses taken from forms.  Ever.
>> 
>> 
Werner> why is that?

Because you have no authentication of the requestor.  Any fool can go
to your website, enter [EMAIL PROTECTED], and all of a sudden, I
get a big PDF shoved down my email box.  Repeatedly.  And yet it
wasn't *me* that requested that.  And yet I'll have no clue, except
"it came from you" and you'll have no clue except "it came from this
IP addr".

No.  Do not go from web to mail.  Bad idea, unless you've fully
round-tripped the web requestor from a real mail address.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
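
The round trip described in the message above, sketched in Perl as an added example that is not part of the original post: the form handler mails only a short confirmation link, and the PDF is sent only after the token in that link verifies. The function names, the key, the lifetimes and the sample addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

my $SECRET   = 'constructed-demo-key';   # assumption: a random server-side key in real use
my $TTL      = 3600;                     # confirmation link lifetime, seconds
my $COOLDOWN = 86400;                    # one confirmation mail per address per day
my %last_sent;                           # assumption: in-memory; a shared store in real use

# MAC binding the address, the requested document and the expiry time together.
sub mac_for {
    my ($addr, $doc, $exp) = @_;
    return hmac_sha256_hex(join("\0", lc($addr), $doc, $exp), $SECRET);
}

# Constant-time comparison, so the check does not leak how many characters matched.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Step 1, form handler: returns the token for a short text-only mail, never the PDF.
sub handle_form {
    my ($addr, $doc, $now) = @_;
    my $key = lc($addr);
    return 'throttled' if exists($last_sent{$key}) && $now - $last_sent{$key} < $COOLDOWN;
    $last_sent{$key} = $now;
    my $exp = $now + $TTL;
    return "$exp." . mac_for($addr, $doc, $exp);
}

# Step 2, link handler: the PDF goes out only if the token matches this address.
sub handle_confirm {
    my ($addr, $doc, $token, $now) = @_;
    my ($exp, $mac) = ($token // '') =~ /\A(\d+)\.([0-9a-f]{64})\z/ or return 'reject';
    return 'reject' if $now > $exp;
    return ct_eq($mac, mac_for($addr, $doc, $exp)) ? "send $doc to $addr" : 'reject';
}

# Constructed sample run: repeat request, valid click, wrong address, expired link.
my $t0    = 1_700_000_000;
my $token = handle_form('alice@example.com', 'whitepaper', $t0);
print "$_\n" for
    handle_form('alice@example.com', 'whitepaper', $t0 + 60),
    handle_confirm('alice@example.com', 'whitepaper', $token, $t0 + 120),
    handle_confirm('victim@example.net', 'whitepaper', $token, $t0 + 120),
    handle_confirm('alice@example.com', 'whitepaper', $token, $t0 + 7200);
```

The per-address cooldown matters because the confirmation mail itself is still unauthenticated web-to-mail traffic; keeping it small, text-only and rate-limited bounds what a third party can push into someone else's inbox.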
