You are here: Re: Using SendMail in Forms w/PHP HTML « All PHP « IT news, forums, messages
Re: Using SendMail in Forms w/PHP HTML

Posted by shimmyshack on 04/22/07 20:21

On 22 Apr, 16:05, j...@lycos.com wrote:
> > On Apr 22, 12:23 am, j...@lycos.com wrote:
>
> Thanks for the informative replies, gents. I forgot to mention that
> for this application that it was intended to work off a server on the
> company intranet so has some insulated security based on that (I can't
> access it from home). It began as a means to keep an electronic log
> for a 'testy' piece of equipment where messages could be passed from
> those who don't currently have access to any email. Their entries
> make it to the database log just fine where they can be queried and
> read but to ensure speedy remedies or responses to issues (by those
> who may otherwise 'forget' to check the database for any new entries),
> the ability to send an email as a teaser seemed like a good idea.
> Hence, the struggle to get some semblence of this working.
>
> thanks again,
> John

I see, although it is protected to a degree, the way the values are
printed to the screen in fact makes it vunerable to attack from
outside, unfortunately. It's not a massive problem, but you should use
best practise and escape and filter wherever input is printed to
screen or obtained from a source like a user or database and then
used. This kind of webpage is what an external attacker is looking for
when s/he wants to gain access to an intranet!

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация