Sandy Keathley wrote:
My company uses a home-grown formmail script for clients <groan>, and someone is using curl to inject HTTP headers and spam email addresses, and turn it into an open relay. Yes, I know the right answer is to not use a formmail, but I don't make the rules here. Is there a way to detect that a script is being accessed by curl, and not by a browser?
It sounds like you have a PHP script with a security vulnerability, and you think that restricting what the client uses to request the script is going to fix it. This is not a good approach. Just fix the problem. :-)
For example, filter the data you receive from the client before passing it as arguments to the mail() function.
Hope that helps. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
