On Fri, 27 Aug 2004, Atanas wrote:

> http://mimedefang.asd.aplus.net

Pretty cool. However, using user-supplied data to construct filenames worries me slightly. I can imagine an attacker doing something like:

MAIL FROM:<foo///../../../../../../../../etc/[EMAIL PROTECTED]>

I can't see any way to really exploit this, given that MIMEDefang should be running as the "defang" user, but still... I would sanitize the incoming e-mail addresses, or better yet, use a SHA1 hash rather than the actual address.

--
David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
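The two mitigations suggested in the message above, as an added example that is not part of the original post or of MIMEDefang's code. It is written in Python rather than as a MIMEDefang filter; `BASE_DIR`, the function names and the sample address are assumptions constructed for illustration.

```python
import hashlib
import os
import re

# Hypothetical per-sender data directory (not taken from the post).
BASE_DIR = "/var/spool/example-per-sender"

# Constructed sample input, modelled on the traversal idea in the post.
EVIL = "<foo///../../../../../../../../etc/hosts@example.com>"


def naive_path(sender):
    """The worrying pattern: the raw envelope address becomes the filename."""
    return os.path.normpath(os.path.join(BASE_DIR, sender.strip("<>")))


def hashed_path(sender):
    """Name the file after the SHA1 of the address: always 40 hex characters."""
    # Assumption: addresses are treated case-insensitively for lookup.
    addr = sender.strip("<>").strip().lower()
    digest = hashlib.sha1(addr.encode("utf-8", "surrogateescape")).hexdigest()
    return os.path.join(BASE_DIR, digest)


_UNSAFE = re.compile(r"[^A-Za-z0-9@._+=-]")


def sanitized_path(sender):
    """Alternative: allow-list the characters and refuse dot-only names."""
    name = _UNSAFE.sub("_", sender.strip("<>")).lstrip(".")
    if not name:
        raise ValueError("address has no usable characters")
    return os.path.join(BASE_DIR, name[:200])  # keep below filename limits


def is_contained(path):
    """Defence in depth: confirm the final path still lies under BASE_DIR."""
    base = os.path.realpath(BASE_DIR)
    return os.path.commonpath([base, os.path.realpath(path)]) == base


if __name__ == "__main__":
    for build in (naive_path, hashed_path, sanitized_path):
        path = build(EVIL)
        print(f"{build.__name__:15} {path}  contained={is_contained(path)}")
```

The hash form also avoids filename-length and character-set problems, at the cost of filenames that can no longer be read back as addresses.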

