Posted by Shelly on 10/26/06 10:43

"Rik" <luiheidsgoeroe@hotmail.com> wrote in message
news:5cd4a$45402d85$8259c69c$11663@news2.tudelft.nl...
> Shelly wrote:
>> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
>>
>>> "When this button is pressed, I want the user's default email
>>> program.."
>>>
>>> To send email from the user's email program, you will need to
>>> expose the client's email to the spambots. You do NOT want to do
>>> this.
>>
>> How is that so? When the button is pressed, I would find the email
>> from a database and then open the email program. Is it in the
>> passing from the current form to the email client that is the leak?
>
> Well, a *then* I will find the emailadress is not true. If you want this,
> you'll have to look it up earlier, and have it within your HTML/possbly JS
> code.]
>
> Jerry is mainly concerned (as am I), that people giving their emailadress
> to one party, agreeing to be mailed by them, will not have to worry about
> their emailadress being harvested from the source, or from a mail to
> others. So, tell us this is on a really secure backend for your client,
> which is impossible to access by any other then that client.
>
>> Anyway, I implemented a form and used mail().
>
> Good choice, and make sure that form is not in any way publicly available.
> --
> Rik Wasmus

The form is protected. When the admin logs in, I check his password and
privileges. I set a session variable for his username. At the top of each
admin page, I check that username for his privileges. If not met, I leave
that page and divert to a neutral home login page available for all users.
These admin pages are in a separate directory. I could set a session
variable for his privilege as well, but instead I check the database each
time.

Any additional suggestions?

Shelly

[Back to original message]