Ask yourself why he gives the stuff away in the manner he does.

Lee
---
Obligatory perl schmutter .sig:
perl -e "print chr(rand>.5?92:47) while 1"

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Shawn McKinley
> Sent: 17 July 2001 11:24
> To: Rodney Wines; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: PERL Inerpreter Path -- PLEASE HELP!!
> 
> 
> 
> > = "19" . $year instead of $year += 1900).  He isn't a good Perl programmer,
> > and he tends to duplicate a lot of code that's available from CPAN.  But
> > formmail.pl sinks to new lows.
> 
> Geeze, a little harsh there aren't you, especially when you say later on in
> the email to write your own...  I would think that is a prime example of
> reinventing the wheel...  I don't know Matt, but I have learned a lot from
> his code (yes, sometimes it is what not to do).
> 
> Blows me away the way some folks jump all over those who provide their code
> (and docs to it) to the world for free (even if some of it is not the best).
> 
> No matter what, anytime you start interacting with the outside world for
> email, ALWAYS set your recipients from WITHIN.  The main problem with Matt's
> formmail.pl is that outside users can set the recipient's address.  This is
> easily fixed if you use only internal email addresses (from a database say).
> Yes, people can still send emails, but they can only send them to those on
> your list, and they must know how you access those on your list as well.
> You can also require a hidden field, or cookie, that houses a user id of
> some kind.  But no matter what, there will always be a hack for EVERY setup.
> 
> Shawn
> 
> > Specifically, if you use formmail.pl, an E-mail spammer can plug in his own
> > recipient addresses and send thousands of messages that appear to come from
> > your web server.  I have a friend who works for a company that used
> > formmail.pl on its corporate web site.  As a result, someone sent over 50,000
> > "Enlarge Your Penis" advertisements that appeared to come from their
> > corporate web site.  Some of the recipients were rather irate, and it was
> > webmaster@website that got all the complaints and not the spammer.
> >
> > I think that there are automated tools out there that just scan web servers
> > to see if they can run /cgi-bin/formmail.pl.  It's just too easy a hack to
> > pass up.
> >
> > Find a better tool, or write your own.  It isn't that hard.
> >
> > _______________________________________________
> > ActivePerl mailing list
> > [EMAIL PROTECTED]
> > http://listserv.ActiveState.com/mailman/listinfo/activeperl
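
The approach described in the quoted reply above (recipients set from within, selected by a key instead of supplied by the visitor), sketched as an added example that is not part of the original thread or of formmail.pl. The recipient table, addresses, field names and function names are hypothetical.

```perl
#!/usr/bin/perl
# Added example: recipients are looked up server-side by key; the form never
# supplies an address. Table contents and names below are hypothetical.
use strict;
use warnings;

# Internal recipient table (in practice this could live in a database).
my %RECIPIENTS = (
    sales   => 'sales@example.com',
    support => 'support@example.com',
);

# Returns (address, undef) on success or (undef, reason) on rejection.
sub resolve_recipient {
    my ($key) = @_;
    return (undef, 'missing recipient key') unless defined $key && length $key;
    # Only short lowercase keys are accepted, never anything address-like.
    return (undef, 'malformed recipient key') unless $key =~ /\A[a-z]{1,32}\z/;
    return (undef, 'unknown recipient key')   unless exists $RECIPIENTS{$key};
    return ($RECIPIENTS{$key}, undef);
}

# Visitor-supplied header text must be a single line, so a submitted value
# cannot carry extra header lines into the outgoing message.
sub clean_header {
    my ($value) = @_;
    return if !defined $value || $value =~ /[\r\n]/;
    return substr($value, 0, 200);
}

# Constructed sample submissions (what a CGI layer would hand over).
my @submissions = (
    { to => 'support',                 subject => 'Login problem' },
    { to => 'someone@outside.example', subject => 'hello' },
    { to => 'sales',                   subject => "hello\r\nX-Extra: 1" },
);

for my $form (@submissions) {
    my ($rcpt, $why) = resolve_recipient($form->{to});
    my $subject = clean_header($form->{subject});
    if (!defined $rcpt)    { print "REJECT ($why)\n"; next }
    if (!defined $subject) { print "REJECT (line break in subject)\n"; next }
    # A real handler would pass $rcpt and $subject to the mailer here.
    print "SEND to=$rcpt subject=$subject\n";
}
```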