RE: Help Defending against Email Injection Attacks

>  - The most foolproof solution I can think of would be to continue
> logging the successful entries to a database and _not_ send the email.
> That way even if they get through, no emails get sent. The form would
> log the feedback and send an email to the admin that a comment is
> available for viewing. Is it time to abandon using mail() for all user
> contributed data?


I think you have hit it on the head.  Don't use the mail() function at all
in your web form.  You already have in place almost everything you need to
thwart these buggers.  Just have cron kick off a script every so often
(5, 10, 30 minutes?) that reads through the database for new comments, and
mails them to the appropriate recipient(s).

JM

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
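
The cron-driven approach described in the reply above, as an added example that is not part of the original post. The table and column names, both addresses, and the use of in-memory SQLite (requires pdo_sqlite) are assumptions; the point shown is that user-supplied fields only ever reach the message body, never the recipient or header arguments.

```php
<?php
// Added example: queue drainer meant to be run from cron, not from the web form.
// Table/column names and both addresses are assumptions, not from the post.
const ADMIN_TO   = 'admin@example.com';          // fixed recipient
const FIXED_HDRS = 'From: feedback@example.com'; // fixed headers, no user data

function drain_queue(PDO $db, callable $send): int
{
    $rows = $db->query('SELECT id, name, email, comment FROM feedback
                        WHERE mailed = 0 ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);
    $mark = $db->prepare('UPDATE feedback SET mailed = 1 WHERE id = ?');
    $sent = 0;
    foreach ($rows as $r) {
        // User-supplied fields appear only in the body, after the header block,
        // so CR/LF sequences in them cannot add recipients or headers.
        $body = "Comment #{$r['id']}\nName: {$r['name']}\nEmail: {$r['email']}\n\n"
              . $r['comment'] . "\n";
        if ($send(ADMIN_TO, 'New feedback comment', $body, FIXED_HDRS)) {
            $mark->execute([$r['id']]);   // mark only after a successful send
            $sent++;
        }
    }
    return $sent;
}

// Demo with constructed data: in-memory SQLite and a stub sender.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE feedback (id INTEGER PRIMARY KEY, name TEXT, email TEXT,
                                  comment TEXT, mailed INTEGER DEFAULT 0)');
$ins = $db->prepare('INSERT INTO feedback (name, email, comment) VALUES (?, ?, ?)');
$ins->execute(['Alice', 'alice@example.com', 'Nice site.']);
// Constructed injection attempt: extra header smuggled into the email field.
$ins->execute(['Bob', "bob@example.com\r\nBcc: list@example.net", 'Hello']);

$outbox = [];
$stub = function ($to, $subject, $body, $headers) use (&$outbox) {
    $outbox[] = compact('to', 'headers');
    return true;
};
$count = drain_queue($db, $stub);
foreach ($outbox as $m) {
    // Every message goes to the fixed recipient with the fixed header string.
    assert($m['to'] === ADMIN_TO && $m['headers'] === FIXED_HDRS);
}
echo "sent $count, unsent left: ",
     $db->query('SELECT COUNT(*) FROM feedback WHERE mailed = 0')->fetchColumn(), "\n";
// In production the cron job would call drain_queue($db, 'mail') instead of the stub.
```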

