FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » My contact form is not emailed to me
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: My contact form is not emailed to me [message #173640 is a reply to message #173637] Fri, 22 April 2011 00:04 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 4/21/2011 1:42 PM, P E Schoen wrote:
> "crankypuss" wrote in message
> news:p810r6d6kaa5b6mhqo98f8d53qgno7neh9(at)4ax(dot)com...
>
>> "P E Schoen" <paul(at)pstech-inc(dot)com> wrote:
>
>>> I still don't think anyone would be that much
>>> interested in hacking this site.
>
>> There are people out there who will swerve to run over a cat just
>> because they can, why spend any more time in the middle of the
>> road than you have to?
>
> I agree, but most of this thread became an argument with Jerry based on
> his false assumptions, and now he agrees that the site does not have the
> vulnerability he asserted. This is a special purpose script, functioning
> only to allow a few people to add content to a database, and the email
> is only a notification to me that someone has done so. As such, the
> subject line consists only of hard coded text and a fully authenticated
> name. Jerry may say that it is user-unfriendly, but not for the purpose
> intended.
>
> Certainly I have a lot to learn about security and hacking, but given
> the knowledge of what kinds of attacks are possible, I still believe my
> site to be just about as secure as is reasonable. If the data were
> sensitive, or if hacking could allow someone to use it as a spam portal,
> then I would certainly use more elaborate means to assure security.
>
> Along with the general purpose free PHP script for a secure form mailer
> http://www.dagondesign.com/articles/secure-php-form-mailer-script/, I
> also found this form mail script which uses encryption and has a seven
> year history of security, for $99. http://www.tectite.com/formmailpage.php
>
> There is also the issue of what is "reasonable" security. If I wanted to
> feel totally safe, I could lock myself in my house, and when I went out
> I could wear full body armor, lead shielding, and a gas mask, or I could
> hire a bodyguard. But unless the environment were far more dangerous
> than it is, taking all these precautions would be overkill and diminish
> my ability to enjoy life. The internet is a dangerous place, but for the
> most part there are safe and inexpensive ways to protect against threats
> without extreme limitation of its use and enjoyment.
>
> I have learned a lot from this discussion, and I appreciate the helpful
> responses.
>
> Paul

No, it's all about using fields *properly*. There is a field made for
who the message comes from - it is the From: field.

The Subject: field is for just that - the subject of the message.

Seeing someone use it as a From: field shows the person has no idea what
he is doing - which is the case here.

Fortunately, most clients can recognize an incompetent programmer, and
find someone who can do the job *right*. It takes longer for some then
others, but most figure it out, eventually.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: doctype not found?
Next Topic: Re: Weird stuff
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Fri Nov 29 03:38:51 GMT 2024

Total time taken to generate the page: 0.03733 seconds