----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 30, 2004 1:56 PM Subject: RE: [Mimedefang] Re: Filesystem based greylisting URL
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Atanas wrote: > > On Fri, 27 Aug 2004, David F. Skoll wrote: > > > MAIL FROM:<foo///../../../../../../../../etc/[EMAIL PROTECTED]> > > > > Slashes should be already taken care of ($file =~ s/\///g;). Instead of taking the user-provided e-mail address, which could contain unsafe characters, how about using a SHA1 hash of the e-mail address string instead (in hex)? That gives you a case-insensitive, and totally safe filename to use. use Digest::SHA1; my $filename = Digest::SHA1->new->add($sender)->hexdigest; Chris Myers Networks By Design _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
