On Tue, Jul 14, 2009 at 7:46 AM, Tiji varghese<tij...@yahoo.co.in> wrote: > Hello, > > I've implemented a contact form on my website that would email me the > contents of the form and also add it to the database. Its working perfectly > but I'm not too sure about the security part. I don't know much about the > security issues concerned with email forms and the measures to check it. > Please help. > > Thanks, > Tiji > > > > See the Web's breaking stories, chosen by people like you. Check out > Yahoo! Buzz. http://in.buzz.yahoo.com/
The main thing to be aware of would be 'email header injection.' Do not allow returns/newlines in any of the mail header fields you populate from user input. Also require a valid email address and verify that it has a valid domain name. Next up would just be the annoyance of a client receiving tons of spam messages. There are a lot of automated programs crawling the web just filling out every form it finds looking for vulns to exploit. Even if your form has no holes in it, the client will still get all of this unwanted junk from the automated tests. You can try to come up with some clever ways of stopping that. -- http://www.ericbutera.us/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
