On Thu, 31 May 2007 10:01:06 -0500 "Frank Jones" <[EMAIL PROTECTED]> wrote:
> I should add some details. First, this is a pre-existing module in C,
> not new development. I need to look up a value in a database and then
> send a standard response email.

OK. Well, a few bullet points to improve security in what you wrote:
 * Don't call "mail". Always call external programs by their full path.
 * But make that path configurable by the sysop.
 * Set up your process environment explicitly before forking a process.

> There is no user input in the email so
> my security concerns are not what they might be otherwise.

> Second, I
> don't know anything at all about perl,

In that case, scrap the idea of using it to prototype this. The great
virtue of perl's taint checking is that it will simply refuse to run
"mail" without securing your call to it. That makes it a great teacher!

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/
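
The three points in the reply above, sketched in C as an added example that is not part of the original message or of any module discussed in the thread. The names `run_mailer` and `CLEAN_ENV` and the environment values are assumptions; the caller is assumed to read `path` from the module's own configuration.

```c
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Explicit child environment (assumed values); nothing is inherited. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LANG=C", NULL };

/* Run the program at `path` (absolute, from configuration) with `argv`,
 * feed `body` to its stdin and return its exit status.
 * Returns -1 on any failure, including a non-absolute path. */
int run_mailer(const char *path, char *const argv[], const char *body)
{
    int fds[2], status;
    if (path == NULL || path[0] != '/')      /* never rely on a PATH search */
        return -1;
    if (pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fds[0]); close(fds[1]);
        return -1;
    }
    if (pid == 0) {                          /* child */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) < 0) _exit(127);
            close(fds[0]);                   /* do not leak the spare fd */
        }
        execve(path, argv, CLEAN_ENV);       /* no shell, no PATH lookup */
        _exit(127);                          /* reached only if execve failed */
    }
    close(fds[0]);
    void (*old)(int) = signal(SIGPIPE, SIG_IGN);  /* child may exit early */
    size_t len = strlen(body), off = 0;
    while (off < len) {
        ssize_t n = write(fds[1], body + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        off += (size_t)n;
    }
    close(fds[1]);                           /* EOF ends the message */
    signal(SIGPIPE, old);
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR) return -1;
    if (off < len || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

Changing the SIGPIPE disposition with `signal` affects the whole process, so a threaded server would block the signal per thread instead.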