Re: My contact form is not emailed to me [message #173640 is a reply to message #173637]
Fri, 22 April 2011 00:04
Jerry Stuckle
Messages: 2598 Registered: September 2010
On 4/21/2011 1:42 PM, P E Schoen wrote:
> "crankypuss" wrote in message
> news:p810r6d6kaa5b6mhqo98f8d53qgno7neh9(at)4ax(dot)com...
>
>> "P E Schoen" <paul(at)pstech-inc(dot)com> wrote:
>
>>> I still don't think anyone would be that much
>>> interested in hacking this site.
>
>> There are people out there who will swerve to run over a cat just
>> because they can, why spend any more time in the middle of the
>> road than you have to?
>
> I agree, but most of this thread became an argument with Jerry based on
> his false assumptions, and now he agrees that the site does not have the
> vulnerability he asserted. This is a special purpose script, functioning
> only to allow a few people to add content to a database, and the email
> is only a notification to me that someone has done so. As such, the
> subject line consists only of hard coded text and a fully authenticated
> name. Jerry may say that it is user-unfriendly, but not for the purpose
> intended.
>
> Certainly I have a lot to learn about security and hacking, but given
> the knowledge of what kinds of attacks are possible, I still believe my
> site to be just about as secure as is reasonable. If the data were
> sensitive, or if hacking could allow someone to use it as a spam portal,
> then I would certainly use more elaborate means to assure security.
>
> Along with the general purpose free PHP script for a secure form mailer
> http://www.dagondesign.com/articles/secure-php-form-mailer-script/, I
> also found this form mail script which uses encryption and has a seven
> year history of security, for $99. http://www.tectite.com/formmailpage.php
>
> There is also the issue of what is "reasonable" security. If I wanted to
> feel totally safe, I could lock myself in my house, and when I went out
> I could wear full body armor, lead shielding, and a gas mask, or I could
> hire a bodyguard. But unless the environment were far more dangerous
> than it is, taking all these precautions would be overkill and diminish
> my ability to enjoy life. The internet is a dangerous place, but for the
> most part there are safe and inexpensive ways to protect against threats
> without extreme limitation of its use and enjoyment.
>
> I have learned a lot from this discussion, and I appreciate the helpful
> responses.
>
> Paul
No, it's all about using fields *properly*. There is a field made for
who the message comes from - it is the From: field.
The Subject: field is for just that - the subject of the message.
Seeing someone use it as a From: field shows the person has no idea what
he is doing - which is the case here.
Fortunately, most clients can recognize an incompetent programmer, and
find someone who can do the job *right*. It takes longer for some than
others, but most figure it out, eventually.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================