[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] FormMail Advice
- Subject: Re: [cobalt-users] FormMail Advice
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Tue Jun 11 11:43:00 2002
- Organization: nobaloney.net
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
"Ray Healy (Data Net Services)" wrote:
> I have been reading some archives and it appears that using the new Matt
> Script FormMail Version 1.92 is still a BAD thing to do even though all the
> security holes have been repaired.
>
> Someone has mentioned using NMS FormMail V1.87 from
> http://nms-cgi.sourceforge.net as this is better with security issues.
>
> Does anyone else use this script and what is your opinion and would you
> advise in using this instead of the Matt Script version.
The answers to this question have also been in the archives <smile>.
If you're comfortable with FormMail but just want a secure verison, you
can download FormMail.pl version 1.9s (the "s" means secure <smile>) by
anonymous ftp from ftp.nobaloney.net. There's a readme file there as
well, that explains it all.
> Also can you set up a generic CGI bin that all virtual sites can use for the
> forms but not actually having access to the CGI bin so the script is never
> touched by outside users - only by me.
Yes, but then you'll be responsible for adding email addresses.
If you've got neomail installed you can look at the bottom of srm.conf
for an exmple of how to create a redirect to a master cgi-bin (which
should definitely be called something else, since people might use their
own cgi-bin directory).
Jeff
--
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA 92517
voice: +1 909 778-9980 * fax: +1 909 548-9484