Posted by Jerry Stuckle on 10/27/06 12:26

Shelly wrote:
> "Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:5cd4a$45402d85$8259c69c$11663@news2.tudelft.nl...
>
>>Shelly wrote:
>>
>>>"Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>>
>>>
>>>>"When this button is pressed, I want the user's default email
>>>>program.."
>>>>
>>>>To send email from the user's email program, you will need to
>>>>expose the client's email to the spambots. You do NOT want to do
>>>>this.
>>>
>>>How is that so? When the button is pressed, I would find the email
>>>from a database and then open the email program. Is it in the
>>>passing from the current form to the email client that is the leak?
>>
>>Well, a *then* I will find the emailadress is not true. If you want this,
>>you'll have to look it up earlier, and have it within your HTML/possbly JS
>>code.]
>>
>>Jerry is mainly concerned (as am I), that people giving their emailadress
>>to one party, agreeing to be mailed by them, will not have to worry about
>>their emailadress being harvested from the source, or from a mail to
>>others. So, tell us this is on a really secure backend for your client,
>>which is impossible to access by any other then that client.
>>
>>
>>>Anyway, I implemented a form and used mail().
>>
>>Good choice, and make sure that form is not in any way publicly available.
>>--
>>Rik Wasmus
>
>
> The form is protected. When the admin logs in, I check his password and
> privileges. I set a session variable for his username. At the top of each
> admin page, I check that username for his privileges. If not met, I leave
> that page and divert to a neutral home login page available for all users.
> These admin pages are in a separate directory. I could set a session
> variable for his privilege as well, but instead I check the database each
> time.
>
> Any additional suggestions?
>
> Shelly
>
>

Well, first of all, you didn't clarify this is an admin page. If it's a
public page I can easily intercept the email address and spam the hell
out of your users. On an admin form it's a little harder. Virtually
impossible if you use SSL on an admin page. But also if you use an
email form and never send the email address to the user in the first place.



--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

• Next in forum: Re: Why to use PHP
• Prev in forum: Re: including a PHP file displays the file's content to the user agent (PHP 5.1)
• Thread view: Re: Mailer

[Reply to this message]