Posted by wayne on 07/06/06 02:58

Rik wrote:
>
> Could be, as long as you you protected the from from header injections, it
> should be no problem. Never, ever, construct a form that will send a
> confirmation to multiple (user-given) email-adresses. Be waware there should
> be no possiblty to adress multiple emailadresses, either by to:, cc: or
> bcc:.
>
> For extra protection, one could impose a time limit on contacts required by
> the form,for instance 3 per minute, 6 per 5 minutes, 10 per half hour per
> IP-adress (which isn't a really safe bet, but in nornal use good enough,
> without resorting to far more dificult methods). That way you more or less
> allow for follow-up questions, but limit the amount of possible spam.
>
> Grtz,
Rik,

Thank you for the quick response. I don't believe extra address can be
added, but is it possible to construct a form on a persons computer and
call the PHP script on the server from it?

I'm still learning how the scripts are used!

--
Wayne
http://www.glenmeadows.us
With or without religion, you would have good people doing good things
and evil people doing evil things. But for good people to do evil
things, that takes religion.
—Steven Weinberg

[Back to original message]