Re: My contact form is not emailed to me [message #173620 is a reply to message #173619] |
Wed, 20 April 2011 17:51 |
The Natural Philosoph
Messages: 993 Registered: September 2010
Karma:
|
Senior Member |
|
|
P E Schoen wrote:
> "Jerry Stuckle" wrote in message news:iojo5j$jpo$1(at)dont-email(dot)me...
>
> On 4/19/2011 12:33 AM, P E Schoen wrote:
>
>>> I realize that, but the authorized names and emails are hard coded in
>>> the PHP script which is invoked from the HTML form using POST
>>> variables. Of course, a hacker could figure that out and use his own
>>> form to try to access the script for mass emailing or whatever, but he
>>> would not get past the authentication without somehow knowing the
>>> names and addresses, and then also the password.
>
>> Which isn't that hard if you aren't using secure socket layer
>> (https:...).
>
> The only way I understand would be possible to do this is by listening
> to the data over the network and identifying the CGI variables with that
> information. I suppose that is possible if someone was using a public
> network to access the PHP script. But I doubt that a hacker would want
> to put in that much effort. The content is being used for public
> announcements anyway, so the data is not sensitive.
It is JUST possible if you are using weakly encrypted WiFi.
In practice, there are far easier ways to hack than trying to compromise
ISP and backbone routers.
|
|
|