
RE: [cobalt-users] Dodgy formmail.pl?



> On Wednesday, January 8, 2003, at 07:54 AM, Dan Kriwitsky wrote:
> > Are you sure the email address isn't specified in the form someplace
> > so that it can't be abused?
>
> I'm sure Dan meant to say, the email address should be specified in the
> SCRIPT someplace so that it can't be abused.

Yes. Sorry, too early and too cold here. That's how I handle it.

> If the address is specified in the form, say as a value in a hidden
> field, an abuser could simply change that address in their http request,
> right?

Right.
-- 
C2002 Dan Kriwitsky

Please reply to the list only. Off list replies are not read.
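
Added example, not part of the original thread and not taken from any real formmail.pl: a minimal Perl sketch contrasting a handler that takes the recipient from a hidden form field with one that fixes it in the script, run against a constructed request body. The address, field names and sub names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Recipient fixed in the script (placeholder address, an assumption).
my $RECIPIENT = 'webmaster@example.com';

# Decode an application/x-www-form-urlencoded body into a hash.
sub parse_form {
    my ($body) = @_;
    my %f;
    for my $pair (split /[&;]/, $body) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge; }
        $f{$k} = $v;
    }
    return %f;
}

# Assemble the outgoing message text (nothing is actually sent here).
sub build_mail {
    my ($to, %f) = @_;
    my $subject = defined $f{subject} ? $f{subject} : '';
    my $message = defined $f{message} ? $f{message} : '';
    return "To: $to\nSubject: $subject\n\n$message\n";
}

# Weak pattern: the address is whatever the request says it is.
sub handle_trusting_form {
    my (%f) = @_;
    return build_mail($f{recipient}, %f);
}

# Pattern from the thread: the address comes from the script. Any
# recipient in the request is dropped and logged as a tampering signal.
sub handle_fixed_in_script {
    my (%f) = @_;
    my $claimed = delete $f{recipient};
    warn "ignored form-supplied recipient '$claimed'\n"
        if defined $claimed && lc($claimed) ne lc($RECIPIENT);
    return build_mail($RECIPIENT, %f);
}

# Constructed request body: the hidden "recipient" value was changed.
my $body = 'recipient=someone%40elsewhere.example&subject=Hi&message=Hello+there';
my %form = parse_form($body);
print "--- recipient from form ---\n",   handle_trusting_form(%form);
print "--- recipient from script ---\n", handle_fixed_in_script(%form);
```

The first message is addressed to whatever the request supplied; the second always goes to the configured address, and the warning line gives the server log a record of the altered field.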