Comments for: dan_ball20080118
Message # 1510444:
Date: 01/31/08 10:43
By: Chris
Subject: Email Form

Dan

I'm glad that you have discovered PHP and find it enjoyable to develop in. Unfortunately I have to point out some serious problems with your script.

As you may know, one of the problems that we all struggle with on the internet is spam. It's everywhere, and spammers have resorted to using hackers to gain access to more and more of the web every day. One of the things that spammers do very actively is look for contact forms and feedback forms just like the one that you have outlined in your article. There are two attack vectors that spammers use to attack these forms, mail header injection and automated submissions (bots). Unfortunately, your script is vulnerable to both. Details on both are available on many sites and are just a Google search away.

In addition, you may find that the return-path header does not get set as expected when inserted into the "headers" argument of mail(). You may need to use the fifth argument to "force" the return-path to the address you wish it to be, using a command flag. This is just one of the many issues with using mail() rather than one of the pre-written mail classes such as PHPMailer or PEAR::mail.

Security on the web is the responsibility of all developers. We not only hold our own security in our hands, but that of everyone connected to the world wide network. Sending mail with any web application simply isn't as simple as a form submission and using the mail() function anymore.
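The two points raised in the comment above, header injection through form fields and the Return-Path being set by the fifth argument of mail() rather than in the headers string, are illustrated by the following hardened contact-form handler. This is an added example, not the script from the article nor code posted by the commenter. The recipient and sender addresses, the field names (name, email, message, website) and the honeypot technique are assumptions chosen for the example, not values from the page.

```php
<?php
// Added example: a minimal contact-form handler that keeps user input out of
// mail headers and sets the envelope sender via mail()'s fifth argument.
// TO and SITE_FROM are constructed placeholders, not addresses from the page.

declare(strict_types=1);

const TO        = 'webmaster@example.com';
// SITE_FROM must be a mailbox the local MTA allows the web server user to send as.
const SITE_FROM = 'noreply@example.com';

/**
 * Return the trimmed value only if it is a single line of sane length.
 * Header injection relies on a CR or LF reaching a header, so any value
 * containing one (or a NUL byte) is rejected outright instead of "cleaned".
 */
function singleLine(string $value, int $maxLen = 200): ?string
{
    if (strlen($value) > $maxLen || preg_match('/[\r\n\x00]/', $value)) {
        return null;
    }
    return trim($value);
}

/** Validate a visitor address; FILTER_VALIDATE_EMAIL rejects line breaks and odd syntax. */
function validEmail(string $value): ?string
{
    $value = singleLine($value, 254);
    if ($value === null || filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return $value;
}

/**
 * Build every argument for mail() from the POSTed fields.
 * Returns null on any validation failure so the caller never reaches mail()
 * with tainted header values.
 */
function buildMessage(array $post): ?array
{
    // Honeypot (assumed technique): a field hidden by CSS that humans leave
    // empty but simple automated submitters tend to fill in.
    if (($post['website'] ?? '') !== '') {
        return null;
    }

    $name  = singleLine($post['name'] ?? '', 100);
    $email = validEmail($post['email'] ?? '');
    $body  = $post['message'] ?? '';
    if ($name === null || $name === '' || $email === null || trim($body) === '') {
        return null;
    }

    // Only a fixed, server-controlled address goes into From; the visitor's
    // address is confined to Reply-To after validation.
    $headers = [
        'From: ' . SITE_FROM,
        'Reply-To: ' . $email,
        'Content-Type: text/plain; charset=UTF-8',
        'X-Mailer: PHP/' . PHP_VERSION,
    ];

    return [
        'to'      => TO,
        'subject' => 'Contact form message from ' . $name,
        'body'    => wordwrap($body, 70, "\r\n"),
        'headers' => implode("\r\n", $headers),
        // Fifth argument: passed to the sendmail-compatible binary, so "-f"
        // sets the envelope sender (Return-Path) where bounces are delivered.
        // It is a constant here on purpose; never build it from user input.
        'params'  => '-f' . SITE_FROM,
    ];
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $msg = buildMessage($_POST);
    if ($msg === null) {
        http_response_code(400);
        echo 'Invalid submission.';
        exit;
    }
    $ok = mail($msg['to'], $msg['subject'], $msg['body'], $msg['headers'], $msg['params']);
    echo $ok ? 'Thanks, your message was sent.' : 'Mail could not be sent.';
}
```

Rejecting rather than stripping line breaks is deliberate: a value that contains one is never a legitimate name or address, and silently "fixing" it hides the probe from the application logs. The -f flag only takes effect when mail() hands the message to a sendmail-compatible binary on the host; when PHP is configured to talk SMTP directly (as on Windows), the Return-Path is whatever the MTA assigns, which is one more reason the comment recommends a mail library over raw mail().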
Comments:
Parse error with your script | Chris | 06/24/08 00:29
Emailing form not sending | LuAnne | 03/14/08 23:25
Email Form | Chris | 01/31/08 10:43
Email Forms in PHP - read this first. | Colin McKinnon | 01/30/08 11:58


